
WhiteSmoke



Sorry for the double post but here is the ComboFix log.

ComboFix 12-08-17.03 - Compbro 08/17/2012 22:40:03.1.2 - x64

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8191.6072 [GMT -5:00]

Running from: c:\users\Compbro\Downloads\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-07-18 to 2012-08-18 )))))))))))))))))))))))))))))))

.

.

2012-08-18 03:43 . 2012-08-18 03:43 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-18 03:20 . 2012-08-18 03:20 -------- d-----w- c:\program files (x86)\VS Revo Group

2012-08-17 20:01 . 2012-08-17 20:01 -------- d-----w- c:\program files (x86)\Seagate File Recovery for Windows

2012-08-17 19:47 . 2012-08-17 19:47 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard

2012-08-16 22:39 . 2012-08-16 22:41 -------- d-----w- c:\program files\Picasa3

2012-08-16 22:38 . 2012-08-16 22:38 -------- d-----w- c:\program files (x86)\Conduit

2012-08-16 16:38 . 2012-08-16 16:38 -------- d-----w- c:\program files (x86)\Google

2012-08-16 16:38 . 2012-05-05 08:30 503808 ----a-w- c:\windows\system32\srcore.dll

2012-08-16 16:38 . 2012-05-05 07:44 43008 ----a-w- c:\windows\SysWow64\srclient.dll

2012-08-16 16:38 . 2012-02-11 06:36 751104 ----a-w- c:\windows\system32\win32spl.dll

2012-08-16 16:38 . 2012-02-11 06:29 559104 ----a-w- c:\windows\system32\spoolsv.exe

2012-08-16 16:38 . 2012-02-11 06:29 67584 ----a-w- c:\windows\splwow64.exe

2012-08-16 16:38 . 2012-02-11 05:44 492032 ----a-w- c:\windows\SysWow64\win32spl.dll

2012-08-16 16:37 . 2012-07-04 21:23 41472 ----a-w- c:\windows\SysWow64\browcli.dll

2012-08-16 16:37 . 2012-07-04 22:04 73216 ----a-w- c:\windows\system32\netapi32.dll

2012-08-16 16:37 . 2012-07-04 22:01 58880 ----a-w- c:\windows\system32\browcli.dll

2012-08-16 16:37 . 2012-07-04 22:01 136704 ----a-w- c:\windows\system32\browser.dll

2012-08-16 16:37 . 2012-07-18 17:31 3146752 ----a-w- c:\windows\system32\win32k.sys

2012-08-16 16:37 . 2012-05-14 05:20 956416 ----a-w- c:\windows\system32\localspl.dll

2012-08-13 04:18 . 2012-08-13 04:18 -------- d-----w- c:\program files\Common Files\Logitech

2012-08-13 04:18 . 2012-08-13 04:18 -------- d-----w- c:\program files\Logitech

2012-08-10 21:01 . 2012-08-10 21:01 -------- d-----w- c:\program files (x86)\Microsoft.NET

2012-08-10 20:02 . 2012-08-10 20:02 -------- d-----w- c:\windows\SysWow64\Wat

2012-08-10 20:02 . 2012-08-10 20:02 -------- d-----w- c:\windows\system32\Wat

2012-08-10 19:47 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll

2012-08-10 19:47 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll

2012-08-10 19:33 . 2009-09-10 06:28 311808 ----a-w- c:\windows\system32\msv1_0.dll

2012-08-10 19:33 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll

2012-08-10 19:20 . 2009-11-25 17:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll

2012-08-10 19:20 . 2009-11-25 17:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll

2012-08-10 19:20 . 2009-11-25 17:47 48960 ----a-w- c:\windows\system32\netfxperf.dll

2012-08-10 19:20 . 2009-11-25 17:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll

2012-08-10 19:20 . 2009-11-25 17:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe

2012-08-10 19:20 . 2009-11-25 17:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll

2012-08-10 19:20 . 2009-11-25 17:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2012-08-10 19:20 . 2009-11-25 17:47 444752 ----a-w- c:\windows\system32\mscoree.dll

2012-08-10 19:20 . 2009-11-25 17:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe

2012-08-10 19:20 . 2009-11-25 17:47 1942856 ----a-w- c:\windows\system32\dfshim.dll

2012-08-10 19:09 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-08-10 19:09 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-08-10 19:09 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll

2012-08-10 19:09 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll

2012-08-10 19:09 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-08-10 19:09 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-08-10 19:09 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-08-10 19:06 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys

2012-08-10 16:53 . 2012-08-16 16:48 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-08-10 16:51 . 2012-08-10 16:51 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins

2012-08-10 16:46 . 2012-08-10 16:46 -------- d-----w- c:\programdata\EA Core

2012-08-10 16:46 . 2012-08-10 20:13 -------- d-----w- c:\programdata\EA Logs

2012-08-10 08:36 . 2012-08-10 08:36 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller

2012-08-10 08:35 . 2012-08-16 16:48 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-08-10 08:35 . 2012-08-16 16:48 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-08-10 08:35 . 2012-08-10 16:58 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2012-08-10 08:22 . 2009-10-28 06:24 389632 ----a-w- c:\windows\system32\winlogon.exe

2012-08-10 08:21 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe

2012-08-10 08:20 . 2010-05-05 07:37 483840 ----a-w- c:\windows\system32\StructuredQuery.dll

2012-08-10 08:19 . 2011-02-24 06:30 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2012-08-10 08:18 . 2012-04-26 05:34 76288 ----a-w- c:\windows\system32\rdpwsx.dll

2012-08-10 08:18 . 2012-04-26 05:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-08-10 08:18 . 2012-04-26 05:28 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-08-10 08:16 . 2012-05-04 10:52 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-10 08:15 . 2009-08-29 07:50 46592 ----a-w- c:\windows\system32\msasn1.dll

2012-08-10 08:14 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll

2012-08-10 08:08 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll

2012-08-10 08:08 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll

2012-08-10 05:00 . 2012-08-10 05:01 -------- d-----w- c:\program files (x86)\Origin Games

2012-08-10 04:59 . 2012-08-10 16:46 -------- d-----w- c:\programdata\Electronic Arts

2012-08-10 04:59 . 2012-08-10 05:01 -------- d-----w- c:\programdata\Origin

2012-08-10 04:59 . 2012-08-10 05:00 -------- d-----w- c:\program files (x86)\Origin

2012-08-10 04:48 . 2012-08-17 19:50 -------- d-----w- c:\programdata\AVG Secure Search

2012-08-10 04:48 . 2012-08-17 19:50 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search

2012-08-10 04:48 . 2012-08-10 04:48 -------- d-----w- c:\windows\SysWow64\drivers\AVG

2012-08-10 04:47 . 2012-08-18 03:14 -------- d-----w- c:\windows\system32\drivers\AVG

2012-08-10 04:47 . 2012-08-12 04:28 -------- d-----w- c:\programdata\AVG2012

2012-08-10 04:47 . 2012-08-10 04:47 -------- d-----w- C:\$AVG

2012-08-10 04:47 . 2012-08-10 04:47 -------- d-----w- c:\program files (x86)\AVG

2012-08-10 04:44 . 2012-08-18 03:15 -------- d-----w- c:\programdata\MFAData

2012-08-10 04:44 . 2012-08-10 04:44 -------- d--h--w- c:\programdata\Common Files

2012-08-10 04:24 . 2012-08-10 04:24 -------- d-----w- c:\programdata\ATI

2012-08-10 04:24 . 2012-08-10 04:24 -------- d-----w- c:\programdata\AMD

2012-08-10 04:24 . 2012-08-10 04:24 -------- d-----w- c:\program files (x86)\AMD AVT

2012-08-10 04:24 . 2012-08-10 04:24 -------- d-----w- c:\program files (x86)\AMD APP

2012-08-10 04:24 . 2012-08-10 04:24 -------- d-----w- c:\program files\Common Files\ATI Technologies

2012-08-10 04:24 . 2012-08-10 04:24 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies

2012-08-10 04:23 . 2012-08-10 04:23 -------- d-----w- c:\program files (x86)\ATI Technologies

2012-08-10 04:23 . 2012-08-17 20:57 -------- d-sh--w- c:\windows\Installer

2012-08-10 04:23 . 2012-08-10 04:23 -------- d-----w- c:\program files\ATI

2012-08-10 04:22 . 2012-08-10 04:24 -------- d-----w- c:\program files\ATI Technologies

2012-08-10 04:05 . 2012-07-16 07:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B0C74DAE-9047-4255-8E45-3C43E343064B}\mpengine.dll

2012-08-10 04:05 . 2012-05-31 17:25 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-08-10 04:02 . 2012-08-10 04:02 -------- d-----w- c:\program files\WinRAR

2012-08-10 03:47 . 2012-08-10 03:47 0 ----a-w- c:\windows\ativpsrm.bin

2012-08-10 03:45 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll

2012-08-10 03:45 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll

2012-08-10 03:45 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-08-10 03:45 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-08-10 03:45 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-08-09 22:00 . 2012-08-09 21:23 -------- d-----w- c:\windows\Panther

2012-08-09 21:51 . 2012-08-09 21:51 -------- d-----w- C:\Windows.old

2012-08-09 21:24 . 2012-08-09 21:25 -------- d-----w- c:\users\Compbro

2012-08-09 21:23 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-08-09 21:23 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-08-09 21:23 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-08-09 21:23 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-08-09 21:23 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-08-09 21:23 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-08-09 21:23 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-08-09 21:23 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-08-09 21:23 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-08-09 18:17 . 2012-08-09 18:17 -------- d-----w- C:\AMD

2012-08-08 20:35 . 2012-08-09 21:21 -------- d-----w- C:\Recovery

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-11 18:59 . 2012-06-11 18:59 10248192 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2012-06-11 18:50 . 2012-06-11 18:50 187392 ----a-w- c:\windows\system32\clinfo.exe

2012-06-11 18:50 . 2012-06-11 18:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll

2012-06-11 18:50 . 2012-06-11 18:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll

2012-06-11 18:50 . 2012-06-11 18:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll

2012-06-11 18:50 . 2012-06-11 18:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll

2012-06-11 18:50 . 2012-06-11 18:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll

2012-06-11 18:49 . 2012-06-11 18:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll

2012-06-11 18:48 . 2012-06-11 18:48 54784 ----a-w- c:\windows\system32\OpenCL.dll

2012-06-11 18:48 . 2012-06-11 18:48 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll

2012-06-11 18:35 . 2012-06-11 18:35 70144 ----a-w- c:\windows\system32\coinst_8.98.dll

2012-06-11 18:29 . 2012-06-11 18:29 24826368 ----a-w- c:\windows\system32\atio6axx.dll

2012-06-11 18:00 . 2012-06-11 18:00 20467712 ----a-w- c:\windows\SysWow64\atioglxx.dll

2012-06-11 17:25 . 2012-06-11 17:25 163840 ----a-w- c:\windows\system32\atiapfxx.exe

2012-06-11 17:24 . 2011-04-20 07:09 924160 ----a-w- c:\windows\SysWow64\aticfx32.dll

2012-06-11 17:23 . 2012-06-11 17:23 1090560 ----a-w- c:\windows\system32\aticfx64.dll

2012-06-11 17:20 . 2012-06-11 17:20 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll

2012-06-11 17:19 . 2012-06-11 17:19 532992 ----a-w- c:\windows\system32\atieclxx.exe

2012-06-11 17:19 . 2012-06-11 17:19 239616 ----a-w- c:\windows\system32\atiesrxx.exe

2012-06-11 17:17 . 2012-06-11 17:17 120320 ----a-w- c:\windows\system32\atitmm64.dll

2012-06-11 17:17 . 2012-06-11 17:17 21504 ----a-w- c:\windows\system32\atimuixx.dll

2012-06-11 17:17 . 2012-06-11 17:17 59392 ----a-w- c:\windows\system32\atiedu64.dll

2012-06-11 17:17 . 2012-06-11 17:17 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll

2012-06-11 17:16 . 2012-06-11 17:16 6301696 ----a-w- c:\windows\SysWow64\atidxx32.dll

2012-06-11 17:01 . 2012-06-11 17:01 6914560 ----a-w- c:\windows\system32\atidxx64.dll

2012-06-11 16:51 . 2012-06-11 16:51 4246528 ----a-w- c:\windows\system32\atiumd6a.dll

2012-06-11 16:45 . 2012-06-11 16:45 51200 ----a-w- c:\windows\system32\aticalrt64.dll

2012-06-11 16:45 . 2012-06-11 16:45 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll

2012-06-11 16:45 . 2011-04-20 06:38 5480448 ----a-w- c:\windows\SysWow64\atiumdag.dll

2012-06-11 16:45 . 2012-06-11 16:45 44544 ----a-w- c:\windows\system32\aticalcl64.dll

2012-06-11 16:45 . 2012-06-11 16:45 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll

2012-06-11 16:45 . 2012-06-11 16:45 15703040 ----a-w- c:\windows\system32\aticaldd64.dll

2012-06-11 16:43 . 2011-04-20 06:30 4729344 ----a-w- c:\windows\SysWow64\atiumdva.dll

2012-06-11 16:40 . 2012-06-11 16:40 13277696 ----a-w- c:\windows\SysWow64\aticaldd.dll

2012-06-11 16:36 . 2012-06-11 16:36 6605824 ----a-w- c:\windows\system32\atiumd64.dll

2012-06-11 16:27 . 2012-06-11 16:27 539136 ----a-w- c:\windows\system32\atiadlxx.dll

2012-06-11 16:26 . 2012-06-11 16:26 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll

2012-06-11 16:26 . 2012-06-11 16:26 17920 ----a-w- c:\windows\system32\atig6pxx.dll

2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll

2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\system32\atiglpxx.dll

2012-06-11 16:26 . 2012-06-11 16:26 41984 ----a-w- c:\windows\system32\atig6txx.dll

2012-06-11 16:26 . 2012-06-11 16:26 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll

2012-06-11 16:26 . 2012-06-11 16:26 367616 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2012-06-11 16:25 . 2011-04-20 06:21 54784 ----a-w- c:\windows\system32\atiuxp64.dll

2012-06-11 16:25 . 2012-06-11 16:25 42496 ----a-w- c:\windows\SysWow64\atiuxpag.dll

2012-06-11 16:25 . 2012-06-11 16:25 45056 ----a-w- c:\windows\system32\atiu9p64.dll

2012-06-11 16:24 . 2011-04-20 06:21 32768 ----a-w- c:\windows\SysWow64\atiu9pag.dll

2012-06-11 16:24 . 2012-06-11 16:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\atimpc64.dll

2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\amdpcom64.dll

2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll

2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

.

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-10 1255736]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-447234750-1175504839-4170690110-1001Core.job

- c:\users\Compbro\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-10 03:57]

.

2012-08-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-447234750-1175504839-4170690110-1001UA.job

- c:\users\Compbro\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-10 03:57]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]

"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3244149

uDefault_Search_URL = hxxp://www.google.com/ie

mLocal Page = c:\windows\SysWOW64\blank.htm

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

TCP: DhcpNameServer = 192.168.1.1 68.238.96.12

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{462be121-2b54-4218-bf00-b9bf8135b23f} - (no file)

Wow6432Node-HKLM-Run-ROC_roc_ssl_v12 - c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\windows\SysWOW64\PnkBstrA.exe

c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

.

**************************************************************************

.

Completion time: 2012-08-17 22:51:49 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-18 03:51

.

Pre-Run: 18,371,325,952 bytes free

Post-Run: 18,095,607,808 bytes free

.

- - End Of File - - DAE11FA155E4B64C10BA99983BAB090C


:welcome: I am TheDarkKnight and will be assisting you. Please ask questions if anything is unclear. :)

Sorry for the double post but here is the ComboFix log.

Please do not run ComboFix without the supervision of a helper, such as myself, as it is a very powerful tool and using it incorrectly can cause damage to your computer. Please keep this in mind. :)

You have Conduit installed. This program has been known to exhibit suspicious behaviour (please see here for more information). I recommend removing Conduit.

You can do this by going to Start>Control Panel>Programs and Features>Programs and uninstalling the following (if present):

  • Conduit
  • Conduit Engine
  • Conduit Motor
  • WhiteSmoke

Please restart your computer after these program removals.

==========

Next, please download to your Desktop SystemLook by jpshortstuff from here.

Double-click SystemLook.exe and copy and paste the content of the following codebox (starting with :filefind) into the main textfield and click the Look button to start the scan:

:filefind
*WhiteSmoke*
:folderfind
*WhiteSmoke*
:regfind
WhiteSmoke

When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt.


SystemLook 30.07.11 by jpshortstuff

Log created at 03:33 on 18/08/2012 by Compbro

Administrator - Elevation successful

========== filefind ==========

Searching for "*WhiteSmoke*"

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_whitesmoketools.ourtoolbar.com_0.localstorage --a---- 3072 bytes [19:56 17/08/2012] [19:56 17/08/2012] CEAC9CFA4B7BAA5DC331972C3081A832

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_whitesmoketools.ourtoolbar.com_0.localstorage-journal --a---- 3608 bytes [19:56 17/08/2012] [19:56 17/08/2012] 1D4B95391958ADFFB2D7C59BEF525B46

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_whitesmokeusnew.ourtoolbar.com_0.localstorage --a---- 3072 bytes [19:43 17/08/2012] [03:18 18/08/2012] 350B9721E7F97ABC556E9586939BA3CB

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_whitesmokeusnew.ourtoolbar.com_0.localstorage-journal --a---- 3608 bytes [19:43 17/08/2012] [03:18 18/08/2012] DF035E24DEF02A5CADF7635EBF05AD2B

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.whitesmoke.com_0.localstorage --a---- 3072 bytes [19:55 17/08/2012] [03:25 18/08/2012] 350B9721E7F97ABC556E9586939BA3CB

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.whitesmoke.com_0.localstorage-journal --a---- 3608 bytes [19:55 17/08/2012] [03:25 18/08/2012] A474C5DDEF50A0A12E4828B3AF733D6E

========== folderfind ==========

Searching for "*WhiteSmoke*"

No folders found.

========== regfind ==========

Searching for "WhiteSmoke"

[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ChromeExtData\kfkcangbigakljkjeglcofaomihpejif\Repository]


[HKEY_USERS\S-1-5-21-447234750-1175504839-4170690110-1001\Software\AppDataLow\Software\Conduit\ChromeExtData\kfkcangbigakljkjeglcofaomihpejif\Repository]

"gadgetsContextHash_129895725399351616___kfkcangbigakljkjeglcofaomihpejif"="%7B%22appId%22%3A%22129895725399351616%22%2C%22context%22%3A%22embedded%22%2C%22apiPermissions%22%3A%7B%22crossDomainAjax%22%3Atrue%2C%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Atrue%2C%22instantAlert%22%3Atrue%2C%22jsInjection%22%3Atrue%2C%22sslGranted%22%3Atrue%7D%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2221.0.1180.79%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3244149%22%2C%22name%22%3A%22WhiteSmoke_US_New%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeUSNew.OurToolbar.com/%22%2C%22version%22%3A%2210.11.21.5%22%2C%22cID%22%3A%22kfkcangbigakljkjeglcofaomihpejif/%22%7D%2C%22appId%22%3A%2212989572539935161

[HKEY_USERS\S-1-5-21-447234750-1175504839-4170690110-1001\Software\AppDataLow\Software\Conduit\ChromeExtData\kfkcangbigakljkjeglcofaomihpejif\Repository]

"gadgetsContextHash_129895725399820364___kfkcangbigakljkjeglcofaomihpejif"="%7B%22appId%22%3A%22129895725399820364%22%2C%22context%22%3A%22embedded%22%2C%22apiPermissions%22%3A%7B%22crossDomainAjax%22%3Afalse%2C%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Atrue%2C%22instantAlert%22%3Atrue%2C%22jsInjection%22%3Afalse%2C%22sslGranted%22%3Afalse%7D%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2221.0.1180.79%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3244149%22%2C%22name%22%3A%22WhiteSmoke_US_New%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeUSNew.OurToolbar.com/%22%2C%22version%22%3A%2210.11.21.5%22%2C%22cID%22%3A%22kfkcangbigakljkjeglcofaomihpejif/%22%7D%2C%22appId%22%3A%2212989572539982

[HKEY_USERS\S-1-5-21-447234750-1175504839-4170690110-1001\Software\AppDataLow\Software\Conduit\ChromeExtData\kfkcangbigakljkjeglcofaomihpejif\Repository]

"gadgetsContextHash_129895725402320352___kfkcangbigakljkjeglcofaomihpejif"="%7B%22appId%22%3A%22129895725402320352%22%2C%22context%22%3A%22embedded%22%2C%22apiPermissions%22%3A%7B%22crossDomainAjax%22%3Afalse%2C%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Atrue%2C%22instantAlert%22%3Atrue%2C%22jsInjection%22%3Afalse%2C%22sslGranted%22%3Afalse%7D%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2221.0.1180.79%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3244149%22%2C%22name%22%3A%22WhiteSmoke_US_New%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeUSNew.OurToolbar.com/%22%2C%22version%22%3A%2210.11.21.5%22%2C%22cID%22%3A%22kfkcangbigakljkjeglcofaomihpejif/%22%7D%2C%22appId%22%3A%2212989572540232

[HKEY_USERS\S-1-5-21-447234750-1175504839-4170690110-1001\Software\AppDataLow\Software\Conduit\ChromeExtData\kfkcangbigakljkjeglcofaomihpejif\Repository]

"gadgetsContextHash_129895725403414096___kfkcangbigakljkjeglcofaomihpejif"="%7B%22appId%22%3A%22129895725403414096%22%2C%22context%22%3A%22embedded%22%2C%22apiPermissions%22%3A%7B%22crossDomainAjax%22%3Afalse%2C%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Atrue%2C%22instantAlert%22%3Atrue%2C%22jsInjection%22%3Afalse%2C%22sslGranted%22%3Afalse%7D%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2221.0.1180.79%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3244149%22%2C%22name%22%3A%22WhiteSmoke_US_New%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeUSNew.OurToolbar.com/%22%2C%22version%22%3A%2210.11.21.5%22%2C%22cID%22%3A%22kfkcangbigakljkjeglcofaomihpejif/%22%7D%2C%22appId%22%3A%2212989572540341

[HKEY_USERS\S-1-5-21-447234750-1175504839-4170690110-1001\Software\AppDataLow\Software\Conduit\ChromeExtData\kfkcangbigakljkjeglcofaomihpejif\Repository]

"gadgetsContextHash_129895725403726597___kfkcangbigakljkjeglcofaomihpejif"="%7B%22appId%22%3A%22129895725403726597%22%2C%22context%22%3A%22embedded%22%2C%22apiPermissions%22%3A%7B%22crossDomainAjax%22%3Atrue%2C%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Atrue%2C%22instantAlert%22%3Atrue%2C%22jsInjection%22%3Atrue%2C%22sslGranted%22%3Afalse%7D%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2221.0.1180.79%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3244149%22%2C%22name%22%3A%22WhiteSmoke_US_New%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeUSNew.OurToolbar.com/%22%2C%22version%22%3A%2210.11.21.5%22%2C%22cID%22%3A%22kfkcangbigakljkjeglcofaomihpejif/%22%7D%2C%22appId%22%3A%221298957254037265

[HKEY_USERS\S-1-5-21-447234750-1175504839-4170690110-1001\Software\AppDataLow\Software\Conduit\ChromeExtData\kfkcangbigakljkjeglcofaomihpejif\Repository]

"gadgetsContextHash_1000082___kfkcangbigakljkjeglcofaomihpejif"="%7B%22appId%22%3A%221000082%22%2C%22context%22%3A%22embedded%22%2C%22apiPermissions%22%3A%7B%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Atrue%7D%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2221.0.1180.79%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3244149%22%2C%22name%22%3A%22WhiteSmoke_US_New%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeUSNew.OurToolbar.com/%22%2C%22version%22%3A%2210.11.21.5%22%2C%22cID%22%3A%22kfkcangbigakljkjeglcofaomihpejif/%22%7D%2C%22appId%22%3A%221000082%22%2C%22tabInfo%22%3A%7B%7D%7D%2C%22viewId%22%3A%220.30513234599493444%22%7D"

[HKEY_USERS\S-1-5-21-447234750-1175504839-4170690110-1001\Software\AppDataLow\Software\Conduit\ChromeExtData\kfkcangbigakljkjeglcofaomihpejif\Repository]

"gadgetsContextHash_129895725405445339___kfkcangbigakljkjeglcofaomihpejif"="%7B%22appId%22%3A%22129895725405445339%22%2C%22context%22%3A%22embedded%22%2C%22apiPermissions%22%3A%7B%22crossDomainAjax%22%3Atrue%2C%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Atrue%2C%22instantAlert%22%3Atrue%2C%22jsInjection%22%3Atrue%2C%22sslGranted%22%3Afalse%7D%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2221.0.1180.79%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3244149%22%2C%22name%22%3A%22WhiteSmoke_US_New%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeUSNew.OurToolbar.com/%22%2C%22version%22%3A%2210.11.21.5%22%2C%22cID%22%3A%22kfkcangbigakljkjeglcofaomihpejif/%22%7D%2C%22appId%22%3A%221298957254054453

[HKEY_USERS\S-1-5-21-447234750-1175504839-4170690110-1001\Software\AppDataLow\Software\Conduit\ChromeExtData\kfkcangbigakljkjeglcofaomihpejif\Repository]

"gadgetsContextHash_4925864906806966160___kfkcangbigakljkjeglcofaomihpejif"="%7B%22appId%22%3A%224925864906806966160%22%2C%22context%22%3A%22embedded%22%2C%22apiPermissions%22%3A%7B%22crossDomainAjax%22%3Atrue%2C%22getMainFrameTitle%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22getSearchTerm%22%3Afalse%2C%22instantAlert%22%3Atrue%2C%22jsInjection%22%3Atrue%2C%22sslGranted%22%3Afalse%7D%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2221.0.1180.79%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3244149%22%2C%22name%22%3A%22WhiteSmoke_US_New%22%2C%22downloadUrl%22%3A%22http%3A//WhiteSmokeUSNew.OurToolbar.com/%22%2C%22version%22%3A%2210.11.21.5%22%2C%22cID%22%3A%22kfkcangbigakljkjeglcofaomihpejif/%22%7D%2C%22appId%22%3A%224925864906806

[HKEY_USERS\S-1-5-21-447234750-1175504839-4170690110-1001\Software\AppDataLow\Software\Conduit\ChromeExtData\kfkcangbigakljkjeglcofaomihpejif\Repository]

"CT3244149.serviceLayer_service_toolbarGrouping_activeToolbarName"="%7B%22dataType%22%3A%22string%22%2C%22data%22%3A%22WhiteSmoke_US_New%22%7D"

[HKEY_USERS\S-1-5-21-447234750-1175504839-4170690110-1001\Software\AppDataLow\Software\Conduit\ChromeExtData\kfkcangbigakljkjeglcofaomihpejif\Repository]

"CT3244149.serviceLayer_service_toolbarGrouping_activeDownloadUrl"="%7B%22dataType%22%3A%22string%22%2C%22data%22%3A%22http%3A//WhiteSmokeUSNew.OurToolbar.com/%22%7D"

[HKEY_USERS\S-1-5-21-447234750-1175504839-4170690110-1001\Software\AppDataLow\Software\Conduit\ChromeExtData\kfkcangbigakljkjeglcofaomihpejif\Repository]

"gadgetsContextHash_92dad837-b406-451b-9bd8-b8ba1103fed1___kfkcangbigakljkjeglcofaomihpejif"="%7B%22position%22%3A%7B%22left%22%3A2%2C%22top%22%3A33%2C%22right%22%3A46%2C%22isAbsolute%22%3Atrue%7D%2C%22buttonWidth%22%3A42%2C%22appId%22%3A%22129496561699250735%22%2C%22viewId%22%3A%220.32803047890774906%22%2C%22loggerData%22%3A%7B%22from%22%3A%22menu%22%2C%22action%22%3A%22menu%22%2C%22startTime%22%3A1345260323581%2C%22isApi%22%3Afalse%2C%22isWithState%22%3Atrue%7D%2C%22menuId%22%3A1%2C%22isMenu%22%3Atrue%2C%22flowid%22%3A%220.17985008819960058%22%2C%22context%22%3A%22popup%22%2C%22popupId%22%3A%221%22%2C%22info%22%3A%7B%22platform%22%3A%7B%22browser%22%3A%22Chrome%22%2C%22browserVersion%22%3A%2221.0.1180.79%22%2C%22locale%22%3A%22en-US%22%2C%22OS%22%3A%22Windows%22%2C%22OSVersion%22%3A%226.1%22%7D%2C%22toolbar%22%3A%7B%22id%22%3A%22CT3244149%22%2C%22name%22%

-= EOF =-
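The Conduit `ChromeExtData` values in the log above are percent-encoded JSON, and most of them were cut off by the log. As an added example (not part of the original posts and not ComboFix's own code), this Python script decodes such values and lists the `apiPermissions` each gadget was granted, tolerating truncated values. The sample lines are constructed with placeholder ids and a placeholder URL, and the choice of which permissions to flag is this example's assumption.

```python
import json
import re
from urllib.parse import unquote

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
# "name"="value" ; the closing quote is absent when the log cut the value off
VALUE_RE = re.compile(r'^"([^"]+)"="(.*?)"?$')
# apiPermissions is a flat object near the start, so it usually survives truncation
PERMS_RE = re.compile(r'"apiPermissions":(\{[^{}]*\})')
# Assumption of this example: these are the grants worth a second look
WATCHED = ("crossDomainAjax", "jsInjection", "sslGranted")

# Constructed sample in the shape of the log lines (placeholder ids and URL)
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Run]
"Tray"="c:\example\tray.exe"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ChromeExtData\EXAMPLEEXTID\Repository]
"gadgetsContextHash_1001___EXAMPLEEXTID"="%7B%22appId%22%3A%221001%22%2C%22context%22%3A%22embedded%22%2C%22apiPermissions%22%3A%7B%22crossDomainAjax%22%3Atrue%2C%22getMainFrameUrl%22%3Atrue%2C%22jsInjection%22%3Atrue%2C%22sslGranted%22%3Afalse%7D%2C%22info%22%3A%7B%22toolbar%22%3A%7B%22id%22%3A%22CT0000000%22%2C%22name%22%3A%22Example_Toolbar%22%2C%22downloadUrl%22%3A%22http%3A//toolbar.example/%22%2C%22version%22%3A%221.0%22%7D%2C%22appId%22%3A%2210%2
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ChromeExtData\EXAMPLEEXTID\Repository]
"gadgetsContextHash_1002___EXAMPLEEXTID"="%7B%22appId%22%3A%221002%22%2C%22context%22%3A%22embedded%22%2C%22apiPermissions%22%3A%7B%22crossDomainAjax%22%3Afalse%2C%22getMainFrameUrl%22%3Atrue%2C%22jsInjection%22%3Afalse%2C%22sslGranted%22%3Afalse%7D%2C%22viewId%22%3A%220.5%22%7D"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit\ChromeExtData\EXAMPLEEXTID\Repository]
"CT0000000.serviceLayer_service_toolbarGrouping_activeDownloadUrl"="%7B%22dataType%22%3A%22string%22%2C%22data%22%3A%22http%3A//toolbar.example/%22%7D"
'''


def _first(pattern, text):
    """Return the first capture group of pattern in text, or None."""
    m = re.search(pattern, text)
    return m.group(1) if m else None


def parse_conduit_values(log_text):
    """Decode every value found under a registry key containing \\Conduit\\."""
    entries, key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not m or key is None or "\\Conduit\\" not in key:
            continue
        # unquote() leaves a dangling "%2" from a cut-off escape untouched
        decoded = unquote(m.group(2))
        try:
            json.loads(decoded)
            complete = True
        except ValueError:
            complete = False  # value was truncated in the log
        perms = {}
        pm = PERMS_RE.search(decoded)
        if pm:
            try:
                perms = json.loads(pm.group(1))
            except ValueError:
                perms = {}
        entries.append({
            "key": key,
            "name": m.group(1),
            "complete": complete,
            "app_id": _first(r'"appId":"([^"]*)"', decoded),
            "permissions": perms,
            "toolbar": _first(r'"toolbar":\{[^{}]*?"name":"([^"]*)"', decoded),
            "download_url": _first(r'"downloadUrl":"([^"]*)"', decoded),
        })
    return entries


def flag_high_risk(entries, watched=WATCHED):
    """Return (value name, granted watched permissions) for entries that grant any."""
    flagged = []
    for e in entries:
        hits = sorted(p for p in watched if e["permissions"].get(p) is True)
        if hits:
            flagged.append((e["name"], hits))
    return flagged


if __name__ == "__main__":
    for name, hits in flag_high_risk(parse_conduit_values(SAMPLE_LOG)):
        print(name, "grants", ", ".join(hits))
```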


Howdy howtodumb. :)

It would appear Conduit is linked to WhiteSmoke in this instance, so please make sure you have uninstalled Conduit as per my previous post before proceeding.

Please follow these instructions to remove the remaining malicious entries:

  • Please close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text in the quotebox below into it:
    Please Note: Do NOT use any other text editor than Notepad or the CFScript will fail.

    killall::
    File::
    C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_whitesmoketools.ourtoolbar.com_0.localstorage
    C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_whitesmoketools.ourtoolbar.com_0.localstorage-journal
    C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_whitesmokeusnew.ourtoolbar.com_0.localstorage
    C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_whitesmokeusnew.ourtoolbar.com_0.localstorage-journal
    C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.whitesmoke.com_0.localstorage
    C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.whitesmoke.com_0.localstorage-journal
    Registry::
    [-HKEY_CURRENT_USER\Software\AppDataLow\Software\Conduit]
    [-HKEY_USERS\S-1-5-21-447234750-1175504839-4170690110-1001\Software\AppDataLow\Software\Conduit]
  • Save this as CFScript.txt, in the same location as ComboFix.exe.
    CFScriptB-4.gif
  • Referring to the picture above, drag CFScript into ComboFix.exe.
  • When finished, it shall produce a log for you at C:\ComboFix.txt.

Please post the ComboFix.txt in your next reply and let me know if WhiteSmoke is still present. :)


I can't find Conduit in my Uninstall screen unfortunately. But I did find its folder and deleted it. The script you posted seemed to have worked... that is, until I opened my browser. Looks like the toolbar installed itself yet again. Gave me the welcome screen and everything. Nonetheless, here is the log.

ComboFix 12-08-17.03 - Compbro 08/18/2012 4:58.2.2 - x64

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8191.6417 [GMT -5:00]

Running from: c:\users\Compbro\Desktop\ComboFix.exe

Command switches used :: c:\users\Compbro\Desktop\CFScript.txt

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_whitesmoketools.ourtoolbar.com_0.localstorage-journal"

"c:\users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_whitesmoketools.ourtoolbar.com_0.localstorage"

"c:\users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_whitesmokeusnew.ourtoolbar.com_0.localstorage-journal"

"c:\users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_whitesmokeusnew.ourtoolbar.com_0.localstorage"

"c:\users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.whitesmoke.com_0.localstorage-journal"

"c:\users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.whitesmoke.com_0.localstorage"

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_whitesmoketools.ourtoolbar.com_0.localstorage-journal

c:\users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_whitesmoketools.ourtoolbar.com_0.localstorage

c:\users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_whitesmokeusnew.ourtoolbar.com_0.localstorage-journal

c:\users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_whitesmokeusnew.ourtoolbar.com_0.localstorage

c:\users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.whitesmoke.com_0.localstorage-journal

c:\users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.whitesmoke.com_0.localstorage

.

.

((((((((((((((((((((((((( Files Created from 2012-07-18 to 2012-08-18 )))))))))))))))))))))))))))))))

.

.

2012-08-18 03:20 . 2012-08-18 03:20 -------- d-----w- c:\program files (x86)\VS Revo Group

2012-08-17 20:01 . 2012-08-17 20:01 -------- d-----w- c:\program files (x86)\Seagate File Recovery for Windows

2012-08-17 19:47 . 2012-08-17 19:47 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard

2012-08-16 22:39 . 2012-08-16 22:41 -------- d-----w- c:\program files\Picasa3

2012-08-16 16:38 . 2012-08-16 16:38 -------- d-----w- c:\program files (x86)\Google

2012-08-16 16:38 . 2012-05-05 08:30 503808 ----a-w- c:\windows\system32\srcore.dll

2012-08-16 16:38 . 2012-05-05 07:44 43008 ----a-w- c:\windows\SysWow64\srclient.dll

2012-08-16 16:38 . 2012-02-11 06:36 751104 ----a-w- c:\windows\system32\win32spl.dll

2012-08-16 16:38 . 2012-02-11 06:29 559104 ----a-w- c:\windows\system32\spoolsv.exe

2012-08-16 16:38 . 2012-02-11 06:29 67584 ----a-w- c:\windows\splwow64.exe

2012-08-16 16:38 . 2012-02-11 05:44 492032 ----a-w- c:\windows\SysWow64\win32spl.dll

2012-08-16 16:37 . 2012-07-04 21:23 41472 ----a-w- c:\windows\SysWow64\browcli.dll

2012-08-16 16:37 . 2012-07-04 22:04 73216 ----a-w- c:\windows\system32\netapi32.dll

2012-08-16 16:37 . 2012-07-04 22:01 58880 ----a-w- c:\windows\system32\browcli.dll

2012-08-16 16:37 . 2012-07-04 22:01 136704 ----a-w- c:\windows\system32\browser.dll

2012-08-16 16:37 . 2012-07-18 17:31 3146752 ----a-w- c:\windows\system32\win32k.sys

2012-08-16 16:37 . 2012-05-14 05:20 956416 ----a-w- c:\windows\system32\localspl.dll

2012-08-13 04:18 . 2012-08-13 04:18 -------- d-----w- c:\program files\Common Files\Logitech

2012-08-13 04:18 . 2012-08-13 04:18 -------- d-----w- c:\program files\Logitech

2012-08-10 21:01 . 2012-08-10 21:01 -------- d-----w- c:\program files (x86)\Microsoft.NET

2012-08-10 20:02 . 2012-08-10 20:02 -------- d-----w- c:\windows\SysWow64\Wat

2012-08-10 20:02 . 2012-08-10 20:02 -------- d-----w- c:\windows\system32\Wat

2012-08-10 19:47 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll

2012-08-10 19:47 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll

2012-08-10 19:33 . 2009-09-10 06:28 311808 ----a-w- c:\windows\system32\msv1_0.dll

2012-08-10 19:33 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll

2012-08-10 19:20 . 2009-11-25 17:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll

2012-08-10 19:20 . 2009-11-25 17:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll

2012-08-10 19:20 . 2009-11-25 17:47 48960 ----a-w- c:\windows\system32\netfxperf.dll

2012-08-10 19:20 . 2009-11-25 17:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll

2012-08-10 19:20 . 2009-11-25 17:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe

2012-08-10 19:20 . 2009-11-25 17:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll

2012-08-10 19:20 . 2009-11-25 17:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2012-08-10 19:20 . 2009-11-25 17:47 444752 ----a-w- c:\windows\system32\mscoree.dll

2012-08-10 19:20 . 2009-11-25 17:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe

2012-08-10 19:20 . 2009-11-25 17:47 1942856 ----a-w- c:\windows\system32\dfshim.dll

2012-08-10 19:09 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-08-10 19:09 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-08-10 19:09 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll

2012-08-10 19:09 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll

2012-08-10 19:09 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-08-10 19:09 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-08-10 19:09 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-08-10 19:06 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys

2012-08-10 16:53 . 2012-08-18 08:36 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-08-10 16:51 . 2012-08-10 16:51 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins

2012-08-10 16:46 . 2012-08-10 16:46 -------- d-----w- c:\programdata\EA Core

2012-08-10 16:46 . 2012-08-10 20:13 -------- d-----w- c:\programdata\EA Logs

2012-08-10 08:36 . 2012-08-10 08:36 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller

2012-08-10 08:35 . 2012-08-18 08:36 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-08-10 08:35 . 2012-08-18 08:36 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-08-10 08:35 . 2012-08-10 16:58 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2012-08-10 08:22 . 2009-10-28 06:24 389632 ----a-w- c:\windows\system32\winlogon.exe

2012-08-10 08:21 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe

2012-08-10 08:20 . 2010-05-05 07:37 483840 ----a-w- c:\windows\system32\StructuredQuery.dll

2012-08-10 08:19 . 2011-02-24 06:30 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2012-08-10 08:18 . 2012-04-26 05:34 76288 ----a-w- c:\windows\system32\rdpwsx.dll

2012-08-10 08:18 . 2012-04-26 05:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-08-10 08:18 . 2012-04-26 05:28 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-08-10 08:16 . 2012-05-04 10:52 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-10 08:15 . 2009-08-29 07:50 46592 ----a-w- c:\windows\system32\msasn1.dll

2012-08-10 08:14 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll

2012-08-10 08:08 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll

2012-08-10 08:08 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll

2012-08-10 05:00 . 2012-08-10 05:01 -------- d-----w- c:\program files (x86)\Origin Games

2012-08-10 04:59 . 2012-08-10 16:46 -------- d-----w- c:\programdata\Electronic Arts

2012-08-10 04:59 . 2012-08-10 05:01 -------- d-----w- c:\programdata\Origin

2012-08-10 04:59 . 2012-08-10 05:00 -------- d-----w- c:\program files (x86)\Origin

2012-08-10 04:48 . 2012-08-17 19:50 -------- d-----w- c:\programdata\AVG Secure Search

2012-08-10 04:48 . 2012-08-17 19:50 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search

2012-08-10 04:48 . 2012-08-10 04:48 -------- d-----w- c:\windows\SysWow64\drivers\AVG

2012-08-10 04:47 . 2012-08-18 03:14 -------- d-----w- c:\windows\system32\drivers\AVG

2012-08-10 04:47 . 2012-08-12 04:28 -------- d-----w- c:\programdata\AVG2012

2012-08-10 04:47 . 2012-08-10 04:47 -------- d-----w- C:\$AVG

2012-08-10 04:47 . 2012-08-10 04:47 -------- d-----w- c:\program files (x86)\AVG

2012-08-10 04:44 . 2012-08-18 03:15 -------- d-----w- c:\programdata\MFAData

2012-08-10 04:44 . 2012-08-10 04:44 -------- d--h--w- c:\programdata\Common Files

2012-08-10 04:24 . 2012-08-10 04:24 -------- d-----w- c:\programdata\ATI

2012-08-10 04:24 . 2012-08-10 04:24 -------- d-----w- c:\programdata\AMD

2012-08-10 04:24 . 2012-08-10 04:24 -------- d-----w- c:\program files (x86)\AMD AVT

2012-08-10 04:24 . 2012-08-10 04:24 -------- d-----w- c:\program files (x86)\AMD APP

2012-08-10 04:24 . 2012-08-10 04:24 -------- d-----w- c:\program files\Common Files\ATI Technologies

2012-08-10 04:24 . 2012-08-10 04:24 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies

2012-08-10 04:23 . 2012-08-10 04:23 -------- d-----w- c:\program files (x86)\ATI Technologies

2012-08-10 04:23 . 2012-08-17 20:57 -------- d-sh--w- c:\windows\Installer

2012-08-10 04:23 . 2012-08-10 04:23 -------- d-----w- c:\program files\ATI

2012-08-10 04:22 . 2012-08-10 04:24 -------- d-----w- c:\program files\ATI Technologies

2012-08-10 04:05 . 2012-07-16 07:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B0C74DAE-9047-4255-8E45-3C43E343064B}\mpengine.dll

2012-08-10 04:05 . 2012-05-31 17:25 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-08-10 04:02 . 2012-08-10 04:02 -------- d-----w- c:\program files\WinRAR

2012-08-10 03:47 . 2012-08-10 03:47 0 ----a-w- c:\windows\ativpsrm.bin

2012-08-10 03:45 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll

2012-08-10 03:45 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll

2012-08-10 03:45 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-08-10 03:45 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-08-10 03:45 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-08-09 22:00 . 2012-08-09 21:23 -------- d-----w- c:\windows\Panther

2012-08-09 21:51 . 2012-08-09 21:51 -------- d-----w- C:\Windows.old

2012-08-09 21:24 . 2012-08-09 21:25 -------- d-----w- c:\users\Compbro

2012-08-09 21:23 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-08-09 21:23 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-08-09 21:23 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-08-09 21:23 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-08-09 21:23 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-08-09 21:23 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-08-09 21:23 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-08-09 21:23 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-08-09 21:23 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-08-09 18:17 . 2012-08-09 18:17 -------- d-----w- C:\AMD

2012-08-08 20:35 . 2012-08-09 21:21 -------- d-----w- C:\Recovery

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-11 18:59 . 2012-06-11 18:59 10248192 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2012-06-11 18:50 . 2012-06-11 18:50 187392 ----a-w- c:\windows\system32\clinfo.exe

2012-06-11 18:50 . 2012-06-11 18:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll

2012-06-11 18:50 . 2012-06-11 18:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll

2012-06-11 18:50 . 2012-06-11 18:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll

2012-06-11 18:50 . 2012-06-11 18:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll

2012-06-11 18:50 . 2012-06-11 18:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll

2012-06-11 18:49 . 2012-06-11 18:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll

2012-06-11 18:48 . 2012-06-11 18:48 54784 ----a-w- c:\windows\system32\OpenCL.dll

2012-06-11 18:48 . 2012-06-11 18:48 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll

2012-06-11 18:35 . 2012-06-11 18:35 70144 ----a-w- c:\windows\system32\coinst_8.98.dll

2012-06-11 18:29 . 2012-06-11 18:29 24826368 ----a-w- c:\windows\system32\atio6axx.dll

2012-06-11 18:00 . 2012-06-11 18:00 20467712 ----a-w- c:\windows\SysWow64\atioglxx.dll

2012-06-11 17:25 . 2012-06-11 17:25 163840 ----a-w- c:\windows\system32\atiapfxx.exe

2012-06-11 17:24 . 2011-04-20 07:09 924160 ----a-w- c:\windows\SysWow64\aticfx32.dll

2012-06-11 17:23 . 2012-06-11 17:23 1090560 ----a-w- c:\windows\system32\aticfx64.dll

2012-06-11 17:20 . 2012-06-11 17:20 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll

2012-06-11 17:19 . 2012-06-11 17:19 532992 ----a-w- c:\windows\system32\atieclxx.exe

2012-06-11 17:19 . 2012-06-11 17:19 239616 ----a-w- c:\windows\system32\atiesrxx.exe

2012-06-11 17:17 . 2012-06-11 17:17 120320 ----a-w- c:\windows\system32\atitmm64.dll

2012-06-11 17:17 . 2012-06-11 17:17 21504 ----a-w- c:\windows\system32\atimuixx.dll

2012-06-11 17:17 . 2012-06-11 17:17 59392 ----a-w- c:\windows\system32\atiedu64.dll

2012-06-11 17:17 . 2012-06-11 17:17 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll

2012-06-11 17:16 . 2012-06-11 17:16 6301696 ----a-w- c:\windows\SysWow64\atidxx32.dll

2012-06-11 17:01 . 2012-06-11 17:01 6914560 ----a-w- c:\windows\system32\atidxx64.dll

2012-06-11 16:51 . 2012-06-11 16:51 4246528 ----a-w- c:\windows\system32\atiumd6a.dll

2012-06-11 16:45 . 2012-06-11 16:45 51200 ----a-w- c:\windows\system32\aticalrt64.dll

2012-06-11 16:45 . 2012-06-11 16:45 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll

2012-06-11 16:45 . 2011-04-20 06:38 5480448 ----a-w- c:\windows\SysWow64\atiumdag.dll

2012-06-11 16:45 . 2012-06-11 16:45 44544 ----a-w- c:\windows\system32\aticalcl64.dll

2012-06-11 16:45 . 2012-06-11 16:45 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll

2012-06-11 16:45 . 2012-06-11 16:45 15703040 ----a-w- c:\windows\system32\aticaldd64.dll

2012-06-11 16:43 . 2011-04-20 06:30 4729344 ----a-w- c:\windows\SysWow64\atiumdva.dll

2012-06-11 16:40 . 2012-06-11 16:40 13277696 ----a-w- c:\windows\SysWow64\aticaldd.dll

2012-06-11 16:36 . 2012-06-11 16:36 6605824 ----a-w- c:\windows\system32\atiumd64.dll

2012-06-11 16:27 . 2012-06-11 16:27 539136 ----a-w- c:\windows\system32\atiadlxx.dll

2012-06-11 16:26 . 2012-06-11 16:26 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll

2012-06-11 16:26 . 2012-06-11 16:26 17920 ----a-w- c:\windows\system32\atig6pxx.dll

2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll

2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\system32\atiglpxx.dll

2012-06-11 16:26 . 2012-06-11 16:26 41984 ----a-w- c:\windows\system32\atig6txx.dll

2012-06-11 16:26 . 2012-06-11 16:26 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll

2012-06-11 16:26 . 2012-06-11 16:26 367616 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2012-06-11 16:25 . 2011-04-20 06:21 54784 ----a-w- c:\windows\system32\atiuxp64.dll

2012-06-11 16:25 . 2012-06-11 16:25 42496 ----a-w- c:\windows\SysWow64\atiuxpag.dll

2012-06-11 16:25 . 2012-06-11 16:25 45056 ----a-w- c:\windows\system32\atiu9p64.dll

2012-06-11 16:24 . 2011-04-20 06:21 32768 ----a-w- c:\windows\SysWow64\atiu9pag.dll

2012-06-11 16:24 . 2012-06-11 16:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\atimpc64.dll

2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\amdpcom64.dll

2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll

2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

.

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-10 1255736]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-447234750-1175504839-4170690110-1001Core.job

- c:\users\Compbro\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-10 03:57]

.

2012-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-447234750-1175504839-4170690110-1001UA.job

- c:\users\Compbro\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-10 03:57]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]

"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3244149

uDefault_Search_URL = hxxp://www.google.com/ie

mLocal Page = c:\windows\SysWOW64\blank.htm

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

TCP: DhcpNameServer = 192.168.1.1 68.238.96.12

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\windows\SysWOW64\PnkBstrA.exe

c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

.

**************************************************************************

.

Completion time: 2012-08-18 05:08:07 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-18 10:08

ComboFix2.txt 2012-08-18 03:51

.

Pre-Run: 21,801,312,256 bytes free

Post-Run: 21,741,805,568 bytes free

.

- - End Of File - - D7CAECC8523602A0C95901DE79D1A193


Hello howtodumb. :)

Please follow these instructions to remove the remaining malicious entries:

  • Please close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open Notepad and copy/paste the text in the quotebox below into it:
    Please Note: Do NOT use any other text editor than Notepad or the CFScript will fail.

    killall::
    DDS::
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3244149
  • Save this as CFScript.txt, in the same location as ComboFix.exe.
    [Image: CFScriptB-4.gif]
  • Referring to the picture above, drag CFScript into ComboFix.exe.
  • When finished, it shall produce a log for you at C:\ComboFix.txt.

Please post the ComboFix.txt in your next reply.

Then, please download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

==========

Please provide in your reply:

  • ComboFix.txt.
  • OTL.txt.
  • Extras.txt.

Is WhiteSmoke still present?

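A way to check the result of the CFScript step, as an added example that is not part of the original post or of ComboFix: it reads the entries listed under `DDS::` in a CFScript and compares the "Supplementary Scan" sections of the ComboFix logs taken before and after the run. The function names are hypothetical, the log excerpts are shortened from the logs in this thread, and treating any line that ends in `::` as a directive is an assumption drawn from the script shown above.

```python
import re

# A ComboFix section banner starts with a run of '-', '(' or '*' characters.
HEADER_RE = re.compile(r"^[-(*]{5,}")

# Excerpts shortened from the logs posted in this thread (URLs stay defanged).
BEFORE_LOG = r"""
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3244149
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1 68.238.96.12
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
"""

AFTER_LOG = r"""
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1 68.238.96.12
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
"""

CFSCRIPT = """
killall::
DDS::
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3244149
"""


def section(log_text, title):
    """Return the entries of one log section, skipping blanks and '.' spacers."""
    entries, inside = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if HEADER_RE.match(line):
            # Every banner either opens the wanted section or closes it.
            inside = title.lower() in line.lower()
            continue
        if inside and line and line != ".":
            entries.append(line)
    return entries


def cfscript_targets(script_text, directive="DDS::"):
    """Return the lines listed under one directive of a CFScript."""
    targets, current = [], None
    for raw in script_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):  # assumption: directives are lines ending in '::'
            current = line
            continue
        if current is not None and current.lower() == directive.lower():
            targets.append(line)
    return targets


def verify_fix(before_log, after_log, script_text):
    """Map each targeted entry to 'removed', 'still present' or 'not in pre-fix log'."""
    before = set(section(before_log, "Supplementary Scan"))
    after = set(section(after_log, "Supplementary Scan"))
    report = {}
    for target in cfscript_targets(script_text):
        if target in after:
            report[target] = "still present"
        elif target in before:
            report[target] = "removed"
        else:
            report[target] = "not in pre-fix log"
    return report


def unexpected_changes(before_log, after_log, script_text):
    """Return (new entries, entries that vanished without being targeted)."""
    before = section(before_log, "Supplementary Scan")
    after = section(after_log, "Supplementary Scan")
    targeted = set(cfscript_targets(script_text))
    added = [e for e in after if e not in before]
    dropped = [e for e in before if e not in after and e not in targeted]
    return added, dropped


if __name__ == "__main__":
    for entry, status in verify_fix(BEFORE_LOG, AFTER_LOG, CFSCRIPT).items():
        print(f"{status:>18}: {entry}")
    print("unexpected:", unexpected_changes(BEFORE_LOG, AFTER_LOG, CFSCRIPT))
```

A "removed" status only confirms that the listed entry no longer appears in the log; it says nothing about other components of the same program.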

Alright so I ran OTL and ComboFix with that script. WhiteSmoke still present unfortunately. Here are the logs. ComboFix first then OTL.

ComboFix 12-08-18.03 - Compbro 08/18/2012 16:34:51.3.2 - x64

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8191.6733 [GMT -5:00]

Running from: c:\users\Compbro\Desktop\ComboFix.exe

Command switches used :: c:\users\Compbro\Desktop\CFScript.txt

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-07-18 to 2012-08-18 )))))))))))))))))))))))))))))))

.

.

2012-08-18 21:39 . 2012-08-18 21:39 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-18 03:20 . 2012-08-18 03:20 -------- d-----w- c:\program files (x86)\VS Revo Group

2012-08-17 20:01 . 2012-08-17 20:01 -------- d-----w- c:\program files (x86)\Seagate File Recovery for Windows

2012-08-17 19:47 . 2012-08-17 19:47 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard

2012-08-16 22:39 . 2012-08-16 22:41 -------- d-----w- c:\program files\Picasa3

2012-08-16 16:38 . 2012-08-16 16:38 -------- d-----w- c:\program files (x86)\Google

2012-08-16 16:38 . 2012-05-05 08:30 503808 ----a-w- c:\windows\system32\srcore.dll

2012-08-16 16:38 . 2012-05-05 07:44 43008 ----a-w- c:\windows\SysWow64\srclient.dll

2012-08-16 16:38 . 2012-02-11 06:36 751104 ----a-w- c:\windows\system32\win32spl.dll

2012-08-16 16:38 . 2012-02-11 06:29 559104 ----a-w- c:\windows\system32\spoolsv.exe

2012-08-16 16:38 . 2012-02-11 06:29 67584 ----a-w- c:\windows\splwow64.exe

2012-08-16 16:38 . 2012-02-11 05:44 492032 ----a-w- c:\windows\SysWow64\win32spl.dll

2012-08-16 16:37 . 2012-07-04 21:23 41472 ----a-w- c:\windows\SysWow64\browcli.dll

2012-08-16 16:37 . 2012-07-04 22:04 73216 ----a-w- c:\windows\system32\netapi32.dll

2012-08-16 16:37 . 2012-07-04 22:01 58880 ----a-w- c:\windows\system32\browcli.dll

2012-08-16 16:37 . 2012-07-04 22:01 136704 ----a-w- c:\windows\system32\browser.dll

2012-08-16 16:37 . 2012-07-18 17:31 3146752 ----a-w- c:\windows\system32\win32k.sys

2012-08-16 16:37 . 2012-05-14 05:20 956416 ----a-w- c:\windows\system32\localspl.dll

2012-08-13 04:18 . 2012-08-13 04:18 -------- d-----w- c:\program files\Common Files\Logitech

2012-08-13 04:18 . 2012-08-13 04:18 -------- d-----w- c:\program files\Logitech

2012-08-10 21:01 . 2012-08-10 21:01 -------- d-----w- c:\program files (x86)\Microsoft.NET

2012-08-10 20:02 . 2012-08-10 20:02 -------- d-----w- c:\windows\SysWow64\Wat

2012-08-10 20:02 . 2012-08-10 20:02 -------- d-----w- c:\windows\system32\Wat

2012-08-10 19:47 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll

2012-08-10 19:47 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll

2012-08-10 19:33 . 2009-09-10 06:28 311808 ----a-w- c:\windows\system32\msv1_0.dll

2012-08-10 19:33 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll

2012-08-10 19:20 . 2009-11-25 17:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll

2012-08-10 19:20 . 2009-11-25 17:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll

2012-08-10 19:20 . 2009-11-25 17:47 48960 ----a-w- c:\windows\system32\netfxperf.dll

2012-08-10 19:20 . 2009-11-25 17:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll

2012-08-10 19:20 . 2009-11-25 17:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe

2012-08-10 19:20 . 2009-11-25 17:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll

2012-08-10 19:20 . 2009-11-25 17:47 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2012-08-10 19:20 . 2009-11-25 17:47 444752 ----a-w- c:\windows\system32\mscoree.dll

2012-08-10 19:20 . 2009-11-25 17:47 320352 ----a-w- c:\windows\system32\PresentationHost.exe

2012-08-10 19:20 . 2009-11-25 17:47 1942856 ----a-w- c:\windows\system32\dfshim.dll

2012-08-10 19:09 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-08-10 19:09 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-08-10 19:09 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll

2012-08-10 19:09 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll

2012-08-10 19:09 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-08-10 19:09 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-08-10 19:09 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-08-10 19:06 . 2010-03-04 04:32 243712 ----a-w- c:\windows\system32\drivers\ks.sys

2012-08-10 16:53 . 2012-08-18 08:36 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-08-10 16:51 . 2012-08-10 16:51 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins

2012-08-10 16:46 . 2012-08-10 16:46 -------- d-----w- c:\programdata\EA Core

2012-08-10 16:46 . 2012-08-10 20:13 -------- d-----w- c:\programdata\EA Logs

2012-08-10 08:36 . 2012-08-10 08:36 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller

2012-08-10 08:35 . 2012-08-18 08:36 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-08-10 08:35 . 2012-08-18 08:36 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-08-10 08:35 . 2012-08-10 16:58 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2012-08-10 08:22 . 2009-10-28 06:24 389632 ----a-w- c:\windows\system32\winlogon.exe

2012-08-10 08:21 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe

2012-08-10 08:20 . 2010-05-05 07:37 483840 ----a-w- c:\windows\system32\StructuredQuery.dll

2012-08-10 08:19 . 2011-02-24 06:30 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2012-08-10 08:18 . 2012-04-26 05:34 76288 ----a-w- c:\windows\system32\rdpwsx.dll

2012-08-10 08:18 . 2012-04-26 05:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-08-10 08:18 . 2012-04-26 05:28 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-08-10 08:16 . 2012-05-04 10:52 5505392 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-08-10 08:15 . 2009-08-29 07:50 46592 ----a-w- c:\windows\system32\msasn1.dll

2012-08-10 08:14 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll

2012-08-10 08:08 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll

2012-08-10 08:08 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll

2012-08-10 05:00 . 2012-08-10 05:01 -------- d-----w- c:\program files (x86)\Origin Games

2012-08-10 04:59 . 2012-08-10 16:46 -------- d-----w- c:\programdata\Electronic Arts

2012-08-10 04:59 . 2012-08-10 05:01 -------- d-----w- c:\programdata\Origin

2012-08-10 04:59 . 2012-08-10 05:00 -------- d-----w- c:\program files (x86)\Origin

2012-08-10 04:48 . 2012-08-17 19:50 -------- d-----w- c:\programdata\AVG Secure Search

2012-08-10 04:48 . 2012-08-17 19:50 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search

2012-08-10 04:48 . 2012-08-10 04:48 -------- d-----w- c:\windows\SysWow64\drivers\AVG

2012-08-10 04:47 . 2012-08-18 21:31 -------- d-----w- c:\windows\system32\drivers\AVG

2012-08-10 04:47 . 2012-08-12 04:28 -------- d-----w- c:\programdata\AVG2012

2012-08-10 04:47 . 2012-08-10 04:47 -------- d-----w- C:\$AVG

2012-08-10 04:47 . 2012-08-10 04:47 -------- d-----w- c:\program files (x86)\AVG

2012-08-10 04:44 . 2012-08-18 21:31 -------- d-----w- c:\programdata\MFAData

2012-08-10 04:44 . 2012-08-10 04:44 -------- d--h--w- c:\programdata\Common Files

2012-08-10 04:24 . 2012-08-10 04:24 -------- d-----w- c:\programdata\ATI

2012-08-10 04:24 . 2012-08-10 04:24 -------- d-----w- c:\programdata\AMD

2012-08-10 04:24 . 2012-08-10 04:24 -------- d-----w- c:\program files (x86)\AMD AVT

2012-08-10 04:24 . 2012-08-10 04:24 -------- d-----w- c:\program files (x86)\AMD APP

2012-08-10 04:24 . 2012-08-10 04:24 -------- d-----w- c:\program files\Common Files\ATI Technologies

2012-08-10 04:24 . 2012-08-10 04:24 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies

2012-08-10 04:23 . 2012-08-10 04:23 -------- d-----w- c:\program files (x86)\ATI Technologies

2012-08-10 04:23 . 2012-08-17 20:57 -------- d-sh--w- c:\windows\Installer

2012-08-10 04:23 . 2012-08-10 04:23 -------- d-----w- c:\program files\ATI

2012-08-10 04:22 . 2012-08-10 04:24 -------- d-----w- c:\program files\ATI Technologies

2012-08-10 04:05 . 2012-07-16 07:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B0C74DAE-9047-4255-8E45-3C43E343064B}\mpengine.dll

2012-08-10 04:05 . 2012-05-31 17:25 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-08-10 04:02 . 2012-08-10 04:02 -------- d-----w- c:\program files\WinRAR

2012-08-10 03:47 . 2012-08-10 03:47 0 ----a-w- c:\windows\ativpsrm.bin

2012-08-10 03:45 . 2010-01-09 07:19 139264 ----a-w- c:\windows\system32\cabview.dll

2012-08-10 03:45 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll

2012-08-10 03:45 . 2012-02-15 06:27 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-08-10 03:45 . 2012-02-15 05:44 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-08-10 03:45 . 2012-02-15 04:46 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-08-09 22:00 . 2012-08-09 21:23 -------- d-----w- c:\windows\Panther

2012-08-09 21:51 . 2012-08-09 21:51 -------- d-----w- C:\Windows.old

2012-08-09 21:24 . 2012-08-09 21:25 -------- d-----w- c:\users\Compbro

2012-08-09 21:23 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-08-09 21:23 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-08-09 21:23 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-08-09 21:23 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-08-09 21:23 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-08-09 21:23 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-08-09 21:23 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-08-09 21:23 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-08-09 21:23 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-08-09 18:17 . 2012-08-09 18:17 -------- d-----w- C:\AMD

2012-08-08 20:35 . 2012-08-09 21:21 -------- d-----w- C:\Recovery

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-11 18:59 . 2012-06-11 18:59 10248192 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2012-06-11 18:50 . 2012-06-11 18:50 187392 ----a-w- c:\windows\system32\clinfo.exe

2012-06-11 18:50 . 2012-06-11 18:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll

2012-06-11 18:50 . 2012-06-11 18:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll

2012-06-11 18:50 . 2012-06-11 18:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll

2012-06-11 18:50 . 2012-06-11 18:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll

2012-06-11 18:50 . 2012-06-11 18:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll

2012-06-11 18:49 . 2012-06-11 18:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll

2012-06-11 18:48 . 2012-06-11 18:48 54784 ----a-w- c:\windows\system32\OpenCL.dll

2012-06-11 18:48 . 2012-06-11 18:48 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll

2012-06-11 18:35 . 2012-06-11 18:35 70144 ----a-w- c:\windows\system32\coinst_8.98.dll

2012-06-11 18:29 . 2012-06-11 18:29 24826368 ----a-w- c:\windows\system32\atio6axx.dll

2012-06-11 18:00 . 2012-06-11 18:00 20467712 ----a-w- c:\windows\SysWow64\atioglxx.dll

2012-06-11 17:25 . 2012-06-11 17:25 163840 ----a-w- c:\windows\system32\atiapfxx.exe

2012-06-11 17:24 . 2011-04-20 07:09 924160 ----a-w- c:\windows\SysWow64\aticfx32.dll

2012-06-11 17:23 . 2012-06-11 17:23 1090560 ----a-w- c:\windows\system32\aticfx64.dll

2012-06-11 17:20 . 2012-06-11 17:20 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll

2012-06-11 17:19 . 2012-06-11 17:19 532992 ----a-w- c:\windows\system32\atieclxx.exe

2012-06-11 17:19 . 2012-06-11 17:19 239616 ----a-w- c:\windows\system32\atiesrxx.exe

2012-06-11 17:17 . 2012-06-11 17:17 120320 ----a-w- c:\windows\system32\atitmm64.dll

2012-06-11 17:17 . 2012-06-11 17:17 21504 ----a-w- c:\windows\system32\atimuixx.dll

2012-06-11 17:17 . 2012-06-11 17:17 59392 ----a-w- c:\windows\system32\atiedu64.dll

2012-06-11 17:17 . 2012-06-11 17:17 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll

2012-06-11 17:16 . 2012-06-11 17:16 6301696 ----a-w- c:\windows\SysWow64\atidxx32.dll

2012-06-11 17:01 . 2012-06-11 17:01 6914560 ----a-w- c:\windows\system32\atidxx64.dll

2012-06-11 16:51 . 2012-06-11 16:51 4246528 ----a-w- c:\windows\system32\atiumd6a.dll

2012-06-11 16:45 . 2012-06-11 16:45 51200 ----a-w- c:\windows\system32\aticalrt64.dll

2012-06-11 16:45 . 2012-06-11 16:45 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll

2012-06-11 16:45 . 2011-04-20 06:38 5480448 ----a-w- c:\windows\SysWow64\atiumdag.dll

2012-06-11 16:45 . 2012-06-11 16:45 44544 ----a-w- c:\windows\system32\aticalcl64.dll

2012-06-11 16:45 . 2012-06-11 16:45 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll

2012-06-11 16:45 . 2012-06-11 16:45 15703040 ----a-w- c:\windows\system32\aticaldd64.dll

2012-06-11 16:43 . 2011-04-20 06:30 4729344 ----a-w- c:\windows\SysWow64\atiumdva.dll

2012-06-11 16:40 . 2012-06-11 16:40 13277696 ----a-w- c:\windows\SysWow64\aticaldd.dll

2012-06-11 16:36 . 2012-06-11 16:36 6605824 ----a-w- c:\windows\system32\atiumd64.dll

2012-06-11 16:27 . 2012-06-11 16:27 539136 ----a-w- c:\windows\system32\atiadlxx.dll

2012-06-11 16:26 . 2012-06-11 16:26 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll

2012-06-11 16:26 . 2012-06-11 16:26 17920 ----a-w- c:\windows\system32\atig6pxx.dll

2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll

2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\system32\atiglpxx.dll

2012-06-11 16:26 . 2012-06-11 16:26 41984 ----a-w- c:\windows\system32\atig6txx.dll

2012-06-11 16:26 . 2012-06-11 16:26 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll

2012-06-11 16:26 . 2012-06-11 16:26 367616 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2012-06-11 16:25 . 2011-04-20 06:21 54784 ----a-w- c:\windows\system32\atiuxp64.dll

2012-06-11 16:25 . 2012-06-11 16:25 42496 ----a-w- c:\windows\SysWow64\atiuxpag.dll

2012-06-11 16:25 . 2012-06-11 16:25 45056 ----a-w- c:\windows\system32\atiu9p64.dll

2012-06-11 16:24 . 2011-04-20 06:21 32768 ----a-w- c:\windows\SysWow64\atiu9pag.dll

2012-06-11 16:24 . 2012-06-11 16:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\atimpc64.dll

2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\amdpcom64.dll

2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll

2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-08-18_10.03.41 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-08-10 03:40 . 2012-08-18 21:28 23014 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-08-18 21:28 32248 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2012-08-09 21:26 . 2012-08-18 21:28 5268 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-447234750-1175504839-4170690110-1001_UserData.bin

- 2012-08-18 10:03 . 2012-08-18 10:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-08-18 21:40 . 2012-08-18 21:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-08-18 21:40 . 2012-08-18 21:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-08-18 10:03 . 2012-08-18 10:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-08-10 04:31 . 2012-08-18 03:44 411768 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2012-08-10 04:31 . 2012-08-18 21:39 411768 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2009-07-14 05:01 . 2012-08-18 10:01 230004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-08-18 21:39 230004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 02:34 . 2012-08-18 08:00 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

+ 2009-07-14 02:34 . 2012-08-18 10:13 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

.

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-10 1255736]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-447234750-1175504839-4170690110-1001Core.job

- c:\users\Compbro\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-10 03:57]

.

2012-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-447234750-1175504839-4170690110-1001UA.job

- c:\users\Compbro\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-10 03:57]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]

"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uDefault_Search_URL = hxxp://www.google.com/ie

mLocal Page = c:\windows\SysWOW64\blank.htm

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

TCP: DhcpNameServer = 192.168.1.1 68.238.96.12

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\windows\SysWOW64\PnkBstrA.exe

c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

.

**************************************************************************

.

Completion time: 2012-08-18 16:44:52 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-18 21:44

ComboFix2.txt 2012-08-18 10:08

ComboFix3.txt 2012-08-18 03:51

.

Pre-Run: 21,669,847,040 bytes free

Post-Run: 21,580,570,624 bytes free

.

- - End Of File - - AC0690A14340DAF94ADCC51E374FC3E6


OTL logfile created on: 8/18/2012 4:46:55 PM - Run 1

OTL by OldTimer - Version 3.2.58.0 Folder = C:\Users\Compbro\Desktop

64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.54 Gb Available Physical Memory | 81.74% Memory free

16.00 Gb Paging File | 14.59 Gb Available in Paging File | 91.18% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 74.41 Gb Total Space | 20.17 Gb Free Space | 27.10% Space Free | Partition Type: NTFS

Drive D: | 100.00 Mb Total Space | 76.24 Mb Free Space | 76.25% Space Free | Partition Type: NTFS

Drive E: | 1862.92 Gb Total Space | 1862.66 Gb Free Space | 99.99% Space Free | Partition Type: NTFS

Computer Name: COMPBRO-PC | User Name: Compbro | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/18 16:45:58 | 000,598,016 | ---- | M] (OldTimer Tools) -- C:\Users\Compbro\Desktop\OTL.exe

PRC - [2012/08/10 11:58:21 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe

PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

PRC - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/06/11 12:19:14 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2012/08/10 11:58:21 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)

SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/06/11 13:59:38 | 010,248,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2012/06/11 11:26:14 | 000,367,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)

DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)

DRV:64bit: - [2012/03/01 01:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)

DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)

DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)

DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)

DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)

DRV:64bit: - [2011/03/11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/04/27 18:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)

DRV:64bit: - [2010/04/27 18:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)

DRV:64bit: - [2010/04/27 16:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)

DRV:64bit: - [2010/04/27 16:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 15:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1A D9 17 1C FF 7B CD 01 [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={8F248D18-EA45-4363-83C1-6218C0AA45ED}&mid=5067dbdcd4bc47d086aad16c2260d538-659e591a9c7c38316d869c685935caeb53f8e1ef&lang=en&ds=AVG&pr=fr&d=2012-08-09 23:48:37&v=12.2.0.5&sap=dsp&q={searchTerms}

IE - HKCU\..\SearchScopes\{9F7A5891-E0BB-42D7-AEF1-0140BCFB60C3}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Compbro\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Compbro\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/08/09 23:47:52 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - default_search_provider: Conduit (Enabled)

CHR - default_search_provider: search_url = http://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT3244149

CHR - default_search_provider: suggest_url = http://search.conduit.com/

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Compbro\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Compbro\AppData\Local\Google\Chrome\Application\21.0.1180.79\gcswf32.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Compbro\AppData\Local\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Compbro\AppData\Local\Google\Chrome\Application\21.0.1180.79\pdf.dll

CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\plugins/ConduitChromeApiPlugin.dll

CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\plugins/np-cwmp.dll

CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll

CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.0\\npsitesafety.dll

CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa3\npPicasa3.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Compbro\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll

CHR - Extension: WhiteSmoke US New = C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\

CHR - Extension: AVG Do Not Track = C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\

O1 HOSTS File: ([2012/08/18 16:40:43 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)

O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)

O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)

O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.96.12

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1E3DEBA7-42A7-422E-B07A-AD7D7C03EE70}: DhcpNameServer = 192.168.1.1 68.238.96.12

O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/08/18 16:46:12 | 000,598,016 | ---- | C] (OldTimer Tools) -- C:\Users\Compbro\Desktop\OTL.exe

[2012/08/18 16:44:54 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/08/18 04:57:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/08/18 04:57:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/08/18 04:57:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/08/18 04:56:58 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/08/17 23:06:21 | 004,735,580 | R--- | C] (Swearware) -- C:\Users\Compbro\Desktop\ComboFix.exe

[2012/08/17 22:37:30 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/08/17 22:20:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group

[2012/08/17 22:20:21 | 000,000,000 | ---D | C] -- C:\Users\Compbro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller

[2012/08/17 15:01:43 | 000,000,000 | ---D | C] -- C:\Users\Compbro\Documents\Seagate

[2012/08/17 15:01:43 | 000,000,000 | ---D | C] -- C:\Users\Compbro\AppData\Roaming\Seagate

[2012/08/17 15:01:16 | 000,000,000 | ---D | C] -- C:\Users\Compbro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Seagate File Recovery for Windows

[2012/08/17 15:01:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Seagate File Recovery for Windows

[2012/08/17 15:01:16 | 000,000,000 | ---D | C] -- C:\Users\Compbro\Documents\R-TT

[2012/08/17 14:54:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate

[2012/08/17 14:47:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard

[2012/08/16 18:00:35 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012/08/16 18:00:35 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2012/08/16 18:00:35 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012/08/16 18:00:34 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2012/08/16 18:00:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012/08/16 18:00:33 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2012/08/16 18:00:33 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2012/08/16 18:00:33 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2012/08/16 18:00:33 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2012/08/16 18:00:33 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2012/08/16 18:00:33 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2012/08/16 18:00:32 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2012/08/16 18:00:31 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2012/08/16 17:39:27 | 000,000,000 | ---D | C] -- C:\Program Files\Picasa3

[2012/08/16 17:38:36 | 000,000,000 | ---D | C] -- C:\Users\Compbro\AppData\Local\CRE

[2012/08/16 17:38:27 | 000,000,000 | ---D | C] -- C:\Users\Compbro\AppData\Local\Conduit

[2012/08/16 11:39:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3

[2012/08/16 11:38:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google

[2012/08/16 11:38:11 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll

[2012/08/16 11:38:05 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll

[2012/08/16 11:38:05 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll

[2012/08/16 11:38:05 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe

[2012/08/16 11:37:59 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll

[2012/08/16 11:37:58 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll

[2012/08/16 11:37:58 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll

[2012/08/16 11:37:56 | 000,956,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll

[2012/08/12 23:18:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech

[2012/08/12 23:18:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech

[2012/08/12 23:18:16 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech

[2012/08/10 17:39:11 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys

[2012/08/10 17:39:11 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys

[2012/08/10 17:39:06 | 002,566,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll

[2012/08/10 17:39:06 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys

[2012/08/10 17:39:05 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll

[2012/08/10 17:39:05 | 000,187,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys

[2012/08/10 17:39:05 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe

[2012/08/10 17:39:05 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe

[2012/08/10 17:39:05 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys

[2012/08/10 16:01:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET

[2012/08/10 15:02:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat

[2012/08/10 15:02:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat

[2012/08/10 14:20:05 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll

[2012/08/10 14:20:05 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll

[2012/08/10 14:20:05 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe

[2012/08/10 14:20:05 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe

[2012/08/10 14:20:05 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll

[2012/08/10 14:20:05 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll

[2012/08/10 14:20:05 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll

[2012/08/10 14:20:05 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll

[2012/08/10 14:18:10 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat

[2012/08/10 14:18:10 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll

[2012/08/10 14:18:10 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec

[2012/08/10 14:18:10 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll

[2012/08/10 14:18:10 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll

[2012/08/10 14:18:10 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll

[2012/08/10 14:18:10 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll

[2012/08/10 14:18:10 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll

[2012/08/10 14:18:10 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe

[2012/08/10 14:18:10 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe

[2012/08/10 14:18:10 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2012/08/10 14:18:10 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe

[2012/08/10 14:18:10 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx

[2012/08/10 14:18:10 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll

[2012/08/10 14:18:10 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2012/08/10 14:18:10 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe

[2012/08/10 14:18:09 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll

[2012/08/10 14:18:09 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll

[2012/08/10 14:18:09 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll

[2012/08/10 14:18:09 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll

[2012/08/10 14:18:09 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll

[2012/08/10 14:18:09 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll

[2012/08/10 14:18:09 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe

[2012/08/10 14:18:09 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe

[2012/08/10 14:18:09 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll

[2012/08/10 14:18:09 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll

[2012/08/10 14:18:09 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll

[2012/08/10 14:18:09 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll

[2012/08/10 14:18:09 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe

[2012/08/10 14:18:09 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll

[2012/08/10 14:18:09 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll

[2012/08/10 14:18:09 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll

[2012/08/10 14:18:09 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll

[2012/08/10 14:18:09 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll

[2012/08/10 14:18:09 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe

[2012/08/10 14:18:08 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat

[2012/08/10 14:18:08 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll

[2012/08/10 14:18:08 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll

[2012/08/10 14:18:08 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec

[2012/08/10 14:18:08 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll

[2012/08/10 14:18:08 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll

[2012/08/10 14:18:08 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll

[2012/08/10 14:18:08 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll

[2012/08/10 14:18:08 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll

[2012/08/10 14:18:08 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll

[2012/08/10 14:18:08 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe

[2012/08/10 14:18:08 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe

[2012/08/10 14:18:08 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll

[2012/08/10 14:18:08 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll

[2012/08/10 14:18:08 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx

[2012/08/10 14:18:08 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll

[2012/08/10 14:18:08 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll

[2012/08/10 14:18:08 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll

[2012/08/10 14:18:08 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll

[2012/08/10 14:18:08 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe

[2012/08/10 14:18:07 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2012/08/10 14:18:07 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2012/08/10 14:18:07 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe

[2012/08/10 14:18:07 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe

[2012/08/10 14:09:00 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll

[2012/08/10 14:09:00 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll

[2012/08/10 14:09:00 | 000,022,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys

[2012/08/10 11:53:51 | 000,000,000 | ---D | C] -- C:\Users\Compbro\AppData\Local\PunkBuster

[2012/08/10 11:53:43 | 000,000,000 | ---D | C] -- C:\Users\Compbro\Documents\Battlefield 3

[2012/08/10 11:51:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins

[2012/08/10 11:46:52 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core

[2012/08/10 11:46:47 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs

[2012/08/10 03:36:17 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller

[2012/08/10 03:34:58 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll

[2012/08/10 03:34:58 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll

[2012/08/10 03:34:58 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll

[2012/08/10 03:34:58 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll

[2012/08/10 03:34:58 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll

[2012/08/10 03:34:58 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll

[2012/08/10 03:34:57 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll

[2012/08/10 03:34:57 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll

[2012/08/10 03:34:57 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll

[2012/08/10 03:34:57 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll

[2012/08/10 03:34:57 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll

[2012/08/10 03:34:57 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll

[2012/08/10 03:34:56 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll

[2012/08/10 03:34:56 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll

[2012/08/10 03:34:56 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll

[2012/08/10 03:34:56 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll

[2012/08/10 03:34:55 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll

[2012/08/10 03:34:55 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll

[2012/08/10 03:34:55 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll

[2012/08/10 03:34:55 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll

[2012/08/10 03:34:54 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll

[2012/08/10 03:34:54 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll

[2012/08/10 03:34:54 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll

[2012/08/10 03:34:54 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll

[2012/08/10 03:34:54 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll

[2012/08/10 03:34:54 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll

[2012/08/10 03:34:52 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll

[2012/08/10 03:34:52 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll

[2012/08/10 03:34:52 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll

[2012/08/10 03:34:52 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll

[2012/08/10 03:34:52 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll

[2012/08/10 03:34:52 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll

[2012/08/10 03:34:51 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll

[2012/08/10 03:34:51 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll

[2012/08/10 03:34:51 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll

[2012/08/10 03:34:51 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll

[2012/08/10 03:34:51 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll

[2012/08/10 03:34:51 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll

[2012/08/10 03:34:51 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll

[2012/08/10 03:34:51 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll

[2012/08/10 03:34:51 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll

[2012/08/10 03:34:51 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll

[2012/08/10 03:34:50 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll

[2012/08/10 03:34:50 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll

[2012/08/10 03:34:50 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll

[2012/08/10 03:34:50 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll

[2012/08/10 03:34:50 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll

[2012/08/10 03:34:50 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll

[2012/08/10 03:34:49 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll

[2012/08/10 03:34:49 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll

[2012/08/10 03:34:49 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll

[2012/08/10 03:34:49 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll

[2012/08/10 03:34:49 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll

[2012/08/10 03:34:49 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll

[2012/08/10 03:34:49 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll

[2012/08/10 03:34:49 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll

[2012/08/10 03:34:48 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll

[2012/08/10 03:34:48 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll

[2012/08/10 03:34:48 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll

[2012/08/10 03:34:48 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll

[2012/08/10 03:34:48 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll

[2012/08/10 03:34:48 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll

[2012/08/10 03:34:47 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll

[2012/08/10 03:34:47 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll

[2012/08/10 03:34:47 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll

[2012/08/10 03:34:47 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll

[2012/08/10 03:34:46 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll

[2012/08/10 03:34:46 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll

[2012/08/10 03:34:46 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll

[2012/08/10 03:34:46 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll

[2012/08/10 03:34:46 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll

[2012/08/10 03:34:46 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll

[2012/08/10 03:34:46 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll

[2012/08/10 03:34:46 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll

[2012/08/10 03:34:46 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll

[2012/08/10 03:34:46 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll

[2012/08/10 03:34:45 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll

[2012/08/10 03:34:45 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll

[2012/08/10 03:34:44 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll

[2012/08/10 03:34:44 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll

[2012/08/10 03:34:44 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll

[2012/08/10 03:34:44 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll

[2012/08/10 03:34:44 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll

[2012/08/10 03:34:44 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll

[2012/08/10 03:34:43 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll

[2012/08/10 03:34:43 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll

[2012/08/10 03:34:43 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll

[2012/08/10 03:34:43 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll

[2012/08/10 03:34:43 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll

[2012/08/10 03:34:43 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll

[2012/08/10 03:34:43 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll

[2012/08/10 03:34:43 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll

[2012/08/10 03:34:42 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll

[2012/08/10 03:34:42 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll

[2012/08/10 03:34:41 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll

[2012/08/10 03:34:41 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll

[2012/08/10 03:34:41 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll

[2012/08/10 03:34:41 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll

[2012/08/10 03:34:41 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll

[2012/08/10 03:34:41 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll

[2012/08/10 03:34:41 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll

[2012/08/10 03:34:41 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll

[2012/08/10 03:34:41 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll

[2012/08/10 03:34:41 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll

[2012/08/10 03:34:40 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll

[2012/08/10 03:34:40 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll

[2012/08/10 03:34:39 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll

[2012/08/10 03:34:39 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll

[2012/08/10 03:34:39 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll

[2012/08/10 03:34:39 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll

[2012/08/10 03:34:38 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll

[2012/08/10 03:34:38 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll

[2012/08/10 03:34:38 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll

[2012/08/10 03:34:38 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll

[2012/08/10 03:34:37 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll

[2012/08/10 03:34:37 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll

[2012/08/10 03:34:37 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll

[2012/08/10 03:34:37 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll

[2012/08/10 03:34:37 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll

[2012/08/10 03:34:37 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll

[2012/08/10 03:34:36 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll

[2012/08/10 03:34:36 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll

[2012/08/10 03:34:36 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll

[2012/08/10 03:34:36 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll

[2012/08/10 03:34:36 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll

[2012/08/10 03:34:36 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll

[2012/08/10 03:34:36 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll

[2012/08/10 03:34:36 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll

[2012/08/10 03:34:36 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll

[2012/08/10 03:34:36 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll

[2012/08/10 03:34:36 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll

[2012/08/10 03:34:36 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll

[2012/08/10 03:34:35 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll

[2012/08/10 03:34:35 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll

[2012/08/10 03:34:34 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll

[2012/08/10 03:34:34 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll

[2012/08/10 03:34:34 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll

[2012/08/10 03:34:34 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll

[2012/08/10 03:34:34 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll

[2012/08/10 03:34:34 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll

[2012/08/10 03:34:33 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll

[2012/08/10 03:34:33 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll

[2012/08/10 03:34:31 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll

[2012/08/10 03:34:31 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll

[2012/08/10 03:34:31 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll

[2012/08/10 03:34:31 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll

[2012/08/10 03:34:30 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll

[2012/08/10 03:34:30 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll

[2012/08/10 03:34:30 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll

[2012/08/10 03:34:30 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll

[2012/08/10 03:34:30 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll

[2012/08/10 03:34:30 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll

[2012/08/10 03:34:30 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll

[2012/08/10 03:34:30 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll

[2012/08/10 03:34:29 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll

[2012/08/10 03:34:29 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll

[2012/08/10 03:34:29 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll

[2012/08/10 03:34:29 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll

[2012/08/10 03:34:28 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll

[2012/08/10 03:34:28 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll

[2012/08/10 03:34:28 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll

[2012/08/10 03:34:28 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll

[2012/08/10 03:34:27 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll

[2012/08/10 03:34:27 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll

[2012/08/10 03:34:20 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll

[2012/08/10 03:34:20 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll

[2012/08/10 03:34:18 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll

[2012/08/10 03:34:18 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll

[2012/08/10 03:34:18 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll

[2012/08/10 03:34:18 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll

[2012/08/10 03:34:18 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll

[2012/08/10 03:34:18 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll

[2012/08/10 03:34:17 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll

[2012/08/10 03:34:17 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll

[2012/08/10 03:34:17 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll

[2012/08/10 03:34:17 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll

[2012/08/10 03:34:17 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll

[2012/08/10 03:34:17 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll

[2012/08/10 03:34:17 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll

[2012/08/10 03:34:17 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll

[2012/08/10 03:34:16 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll

[2012/08/10 03:34:16 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll

[2012/08/10 03:22:32 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe

[2012/08/10 03:22:24 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll

[2012/08/10 03:22:20 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll

[2012/08/10 03:22:20 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll

[2012/08/10 03:22:20 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll

[2012/08/10 03:22:20 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll

[2012/08/10 03:22:20 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll

[2012/08/10 03:22:20 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll

[2012/08/10 03:22:20 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll

[2012/08/10 03:22:20 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll

[2012/08/10 03:22:20 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll

[2012/08/10 03:22:16 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll

[2012/08/10 03:22:16 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll

[2012/08/10 03:22:16 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll

[2012/08/10 03:22:16 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll

[2012/08/10 03:22:15 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll

[2012/08/10 03:21:48 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe

[2012/08/10 03:21:48 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe

[2012/08/10 03:21:43 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe

[2012/08/10 03:21:43 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe

[2012/08/10 03:21:39 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll

[2012/08/10 03:21:39 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll

[2012/08/10 03:21:39 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll

[2012/08/10 03:21:38 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll

[2012/08/10 03:21:38 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax

[2012/08/10 03:21:38 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax

[2012/08/10 03:21:35 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll

[2012/08/10 03:21:35 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll

[2012/08/10 03:21:33 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll

[2012/08/10 03:21:33 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll

[2012/08/10 03:21:33 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll

[2012/08/10 03:21:33 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll

[2012/08/10 03:21:28 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll

[2012/08/10 03:21:27 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll

[2012/08/10 03:21:06 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll

[2012/08/10 03:21:06 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll

[2012/08/10 03:21:06 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll

[2012/08/10 03:21:06 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll

[2012/08/10 03:21:06 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe

[2012/08/10 03:21:06 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll

[2012/08/10 03:21:06 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schtasks.exe

[2012/08/10 03:21:06 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe

[2012/08/10 03:21:04 | 002,228,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll

[2012/08/10 03:21:04 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll

[2012/08/10 03:21:03 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll

[2012/08/10 03:21:03 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll

[2012/08/10 03:21:03 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll

[2012/08/10 03:21:03 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll

[2012/08/10 03:21:03 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe

[2012/08/10 03:21:02 | 000,779,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll

[2012/08/10 03:21:02 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll

[2012/08/10 03:21:02 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll

[2012/08/10 03:21:02 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe

[2012/08/10 03:21:02 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll

[2012/08/10 03:21:02 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll

[2012/08/10 03:20:56 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll

[2012/08/10 03:20:51 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll

[2012/08/10 03:20:51 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll

[2012/08/10 03:20:48 | 001,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll

[2012/08/10 03:20:48 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll

[2012/08/10 03:20:30 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll

[2012/08/10 03:20:30 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll

[2012/08/10 03:20:30 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll

[2012/08/10 03:20:30 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll

[2012/08/10 03:20:30 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe

[2012/08/10 03:20:30 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe

[2012/08/10 03:20:30 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe

[2012/08/10 03:20:30 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe

[2012/08/10 03:20:30 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe

[2012/08/10 03:20:29 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe

[2012/08/10 03:20:29 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe

[2012/08/10 03:20:29 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe

[2012/08/10 03:20:29 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll

[2012/08/10 03:20:29 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll

[2012/08/10 03:20:29 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll

[2012/08/10 03:20:29 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll

[2012/08/10 03:20:18 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll

[2012/08/10 03:20:06 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll

[2012/08/10 03:20:00 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl

[2012/08/10 03:20:00 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl

[2012/08/10 03:19:58 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll

[2012/08/10 03:19:58 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll

[2012/08/10 03:19:40 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll

[2012/08/10 03:19:36 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll

[2012/08/10 03:19:36 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll

[2012/08/10 03:19:35 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll

[2012/08/10 03:19:35 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll

[2012/08/10 03:19:35 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll

[2012/08/10 03:19:35 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll

[2012/08/10 03:19:35 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll

[2012/08/10 03:19:28 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll

[2012/08/10 03:19:28 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll

[2012/08/10 03:19:20 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll

[2012/08/10 03:19:19 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll

[2012/08/10 03:19:19 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll

[2012/08/10 03:19:19 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll

[2012/08/10 03:19:03 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll

[2012/08/10 03:18:05 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll

[2012/08/10 03:18:05 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll

[2012/08/10 03:18:05 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe

[2012/08/10 03:17:51 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll

[2012/08/10 03:17:51 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll

[2012/08/10 03:17:50 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll

[2012/08/10 03:17:50 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll

[2012/08/10 03:17:50 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll

[2012/08/10 03:17:31 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll

[2012/08/10 03:17:31 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll

[2012/08/10 03:17:31 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll

[2012/08/10 03:17:31 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll

[2012/08/10 03:17:31 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll

[2012/08/10 03:17:31 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll

[2012/08/10 03:17:29 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL

[2012/08/10 03:17:28 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll

[2012/08/10 03:17:28 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll

[2012/08/10 03:17:28 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll

[2012/08/10 03:17:28 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL

[2012/08/10 03:17:27 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll

[2012/08/10 03:17:27 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys

[2012/08/10 03:17:27 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll

[2012/08/10 03:17:27 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll

[2012/08/10 03:17:27 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll

[2012/08/10 03:17:27 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll

[2012/08/10 03:17:27 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll

[2012/08/10 03:17:27 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll

[2012/08/10 03:17:13 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys

[2012/08/10 03:17:11 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll

[2012/08/10 03:17:08 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll

[2012/08/10 03:17:08 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe

[2012/08/10 03:17:08 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe

[2012/08/10 03:17:02 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll

[2012/08/10 03:17:02 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll

[2012/08/10 03:17:00 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll

[2012/08/10 03:17:00 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll

[2012/08/10 03:16:57 | 005,505,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2012/08/10 03:16:56 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2012/08/10 03:16:56 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2012/08/10 03:16:42 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll

[2012/08/10 03:16:42 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll

[2012/08/10 03:16:42 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax

[2012/08/10 03:16:42 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax

[2012/08/10 03:16:42 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax

[2012/08/10 03:16:42 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax

[2012/08/10 03:16:42 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax

[2012/08/10 03:16:42 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax

[2012/08/10 03:16:42 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax

[2012/08/10 03:16:42 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax

[2012/08/10 03:16:31 | 003,213,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll

[2012/08/10 03:16:02 | 000,640,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi

[2012/08/10 03:16:02 | 000,603,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe

[2012/08/10 03:16:02 | 000,556,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi

[2012/08/10 03:16:02 | 000,518,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe

[2012/08/10 03:16:02 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll

[2012/08/10 03:16:02 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll

[2012/08/10 03:16:02 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll

[2012/08/10 03:16:00 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll

[2012/08/10 03:16:00 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll

[2012/08/10 03:15:52 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll

[2012/08/10 03:15:48 | 001,460,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll

[2012/08/10 03:15:47 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll

[2012/08/10 03:15:32 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll

[2012/08/10 03:15:32 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll

[2012/08/10 03:15:32 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll

[2012/08/10 03:15:32 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe

[2012/08/10 03:15:32 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll

[2012/08/10 03:15:32 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll

[2012/08/10 03:15:32 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe

[2012/08/10 03:15:32 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll

[2012/08/10 03:15:31 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll

[2012/08/10 03:15:31 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll

[2012/08/10 03:15:31 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe

[2012/08/10 03:15:31 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll

[2012/08/10 03:15:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll

[2012/08/10 03:15:31 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll

[2012/08/10 03:15:30 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

[2012/08/10 03:15:30 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll

[2012/08/10 03:15:30 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll

[2012/08/10 03:15:30 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll

[2012/08/10 03:15:30 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

[2012/08/10 03:15:30 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll

[2012/08/10 03:15:30 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll

[2012/08/10 03:15:30 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll

[2012/08/10 03:15:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll

[2012/08/10 03:15:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll

[2012/08/10 03:15:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll

[2012/08/10 03:15:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll

[2012/08/10 03:15:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll

[2012/08/10 03:15:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll

[2012/08/10 03:15:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll

[2012/08/10 03:15:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll

[2012/08/10 03:15:30 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll

[2012/08/10 03:15:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

[2012/08/10 03:15:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll

[2012/08/10 03:15:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll

[2012/08/10 03:15:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll

[2012/08/10 03:15:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll

[2012/08/10 03:15:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll

[2012/08/10 03:15:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll

[2012/08/10 03:15:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll

[2012/08/10 03:15:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll

[2012/08/10 03:15:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll

[2012/08/10 03:15:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll

[2012/08/10 03:15:30 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll

[2012/08/10 03:15:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll

[2012/08/10 03:15:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

[2012/08/10 03:15:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll

[2012/08/10 03:15:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll

[2012/08/10 03:15:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll

[2012/08/10 03:15:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll

[2012/08/10 03:15:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll

[2012/08/10 03:15:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll

[2012/08/10 03:15:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll

[2012/08/10 03:15:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll

[2012/08/10 03:15:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll

[2012/08/10 03:15:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll

[2012/08/10 03:15:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll

[2012/08/10 03:15:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll

[2012/08/10 03:15:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll

[2012/08/10 03:15:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll

[2012/08/10 03:15:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll

[2012/08/10 03:15:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll

[2012/08/10 03:15:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll

[2012/08/10 03:15:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll

[2012/08/10 03:15:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll

[2012/08/10 03:15:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll

[2012/08/10 03:15:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll

[2012/08/10 03:15:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll

[2012/08/10 03:15:30 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll

[2012/08/10 03:15:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe

[2012/08/10 03:15:21 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe

[2012/08/10 03:15:21 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll

[2012/08/10 03:15:19 | 003,138,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll

[2012/08/10 03:15:19 | 002,690,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll

[2012/08/10 03:15:19 | 001,097,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe

[2012/08/10 03:15:19 | 001,034,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe

[2012/08/10 03:15:16 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll

[2012/08/10 03:15:16 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll

[2012/08/10 03:15:15 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL

[2012/08/10 03:15:15 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL

[2012/08/10 03:15:11 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe

[2012/08/10 03:15:11 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe

[2012/08/10 03:15:08 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe

[2012/08/10 03:15:05 | 000,634,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll

[2012/08/10 03:15:04 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe

[2012/08/10 03:15:01 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll

[2012/08/10 03:15:01 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll

[2012/08/10 03:15:00 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll

[2012/08/10 03:15:00 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll

[2012/08/10 03:14:34 | 001,739,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll

[2012/08/10 03:14:31 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll

[2012/08/10 03:14:31 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll

[2012/08/10 03:14:30 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll

[2012/08/10 03:08:28 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll

[2012/08/10 03:08:28 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll

[2012/08/10 00:00:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games

[2012/08/10 00:00:43 | 000,000,000 | ---D | C] -- C:\Users\Compbro\AppData\Roaming\Origin

[2012/08/10 00:00:39 | 000,000,000 | ---D | C] -- C:\Users\Compbro\AppData\Local\Origin

[2012/08/09 23:59:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin

[2012/08/09 23:59:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts

[2012/08/09 23:59:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin

[2012/08/09 23:49:48 | 000,000,000 | ---D | C] -- C:\Users\Compbro\AppData\Roaming\AVG2012

[2012/08/09 23:48:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

[2012/08/09 23:48:43 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search

[2012/08/09 23:48:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search

[2012/08/09 23:48:07 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG

[2012/08/09 23:47:50 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012

[2012/08/09 23:47:50 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG

[2012/08/09 23:47:50 | 000,000,000 | ---D | C] -- C:\$AVG

[2012/08/09 23:47:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG

[2012/08/09 23:44:06 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files

[2012/08/09 23:44:06 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData

[2012/08/09 23:24:28 | 000,000,000 | ---D | C] -- C:\Users\Compbro\AppData\Roaming\ATI

[2012/08/09 23:24:28 | 000,000,000 | ---D | C] -- C:\Users\Compbro\AppData\Local\ATI

[2012/08/09 23:24:28 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI

[2012/08/09 23:24:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT

[2012/08/09 23:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD

[2012/08/09 23:24:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP

[2012/08/09 23:24:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies

[2012/08/09 23:24:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies

[2012/08/09 23:24:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center

[2012/08/09 23:23:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies

[2012/08/09 23:23:16 | 000,000,000 | -HSD | C] -- C:\Windows\Installer

[2012/08/09 23:23:15 | 000,000,000 | ---D | C] -- C:\Program Files\ATI

[2012/08/09 23:22:55 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies

[2012/08/09 23:18:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM

[2012/08/09 23:18:41 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek

[2012/08/09 23:18:21 | 002,605,400 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll

[2012/08/09 23:18:20 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll

[2012/08/09 23:18:20 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll

[2012/08/09 23:18:20 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll

[2012/08/09 23:18:20 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll

[2012/08/09 23:18:18 | 003,615,888 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll

[2012/08/09 23:18:18 | 002,674,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll

[2012/08/09 23:18:18 | 001,560,168 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl

[2012/08/09 23:18:18 | 001,262,696 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll

[2012/08/09 23:18:18 | 000,869,520 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll

[2012/08/09 23:18:18 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll

[2012/08/09 23:18:18 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll

[2012/08/09 23:18:18 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll

[2012/08/09 23:18:18 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll

[2012/08/09 23:18:18 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll

[2012/08/09 23:18:18 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll

[2012/08/09 23:18:18 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll

[2012/08/09 23:18:18 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll

[2012/08/09 23:18:18 | 000,014,952 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCoLDR64.dll

[2012/08/09 23:18:17 | 000,105,616 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll

[2012/08/09 23:18:17 | 000,083,072 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBWrp64.dll

[2012/08/09 23:18:16 | 000,897,152 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBAPO64.dll

[2012/08/09 23:18:16 | 000,753,280 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\MBAPO32.dll

[2012/08/09 23:18:16 | 000,626,304 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysNative\MBTHX64.dll

[2012/08/09 23:18:16 | 000,561,792 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\MBTHX32.dll

[2012/08/09 23:18:15 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll

[2012/08/09 23:18:15 | 001,015,640 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll

[2012/08/09 23:18:15 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll

[2012/08/09 23:18:14 | 002,533,952 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll

[2012/08/09 23:18:12 | 000,202,336 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll

[2012/08/09 23:18:12 | 000,108,640 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll

[2012/08/09 23:18:12 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information

[2012/08/09 23:18:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek

[2012/08/09 23:18:11 | 001,706,640 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll

[2012/08/09 23:18:11 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp

[2012/08/09 23:18:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield

[2012/08/09 23:06:27 | 000,000,000 | ---D | C] -- C:\Users\Compbro\AppData\Local\ElevatedDiagnostics

[2012/08/09 23:03:29 | 000,000,000 | ---D | C] -- C:\Users\Compbro\Documents\6305_Vista_PG537

[2012/08/09 23:02:43 | 000,000,000 | ---D | C] -- C:\Users\Compbro\Documents\Vista64

[2012/08/09 23:02:42 | 000,524,288 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Users\Compbro\Documents\RtlExUpd.dll

[2012/08/09 23:02:42 | 000,475,648 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Users\Compbro\Documents\AlcUpd64.exe

[2012/08/09 23:02:42 | 000,316,416 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Users\Compbro\Documents\alcrmv64.exe

[2012/08/09 23:02:42 | 000,315,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Users\Compbro\Documents\alcupd.exe

[2012/08/09 23:02:42 | 000,217,088 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Users\Compbro\Documents\alcrmv.exe

[2012/08/09 23:02:42 | 000,126,976 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Users\Compbro\Documents\alcrmv9x.exe

[2012/08/09 23:02:42 | 000,121,064 | ---- | C] (Macrovision Corporation) -- C:\Users\Compbro\Documents\setup.exe

[2012/08/09 23:02:42 | 000,000,000 | ---D | C] -- C:\Users\Compbro\Documents\Vista

[2012/08/09 23:02:42 | 000,000,000 | ---D | C] -- C:\Users\Compbro\Documents\CONFIG

[2012/08/09 23:02:04 | 000,000,000 | ---D | C] -- C:\Users\Compbro\AppData\Roaming\WinRAR

[2012/08/09 23:02:04 | 000,000,000 | ---D | C] -- C:\Users\Compbro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR

[2012/08/09 23:02:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR

[2012/08/09 23:02:02 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR

[2012/08/09 22:58:22 | 000,000,000 | ---D | C] -- C:\Users\Compbro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2012/08/09 22:57:41 | 000,000,000 | ---D | C] -- C:\Users\Compbro\AppData\Local\Google

[2012/08/09 22:57:25 | 000,000,000 | ---D | C] -- C:\Users\Compbro\AppData\Local\Apps

[2012/08/09 22:57:24 | 000,000,000 | ---D | C] -- C:\Users\Compbro\AppData\Local\Deployment

[2012/08/09 22:45:16 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll

[2012/08/09 22:45:16 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll

[2012/08/09 22:45:15 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll

[2012/08/09 22:45:15 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll

[2012/08/09 17:00:22 | 000,000,000 | ---D | C] -- C:\Windows\Panther

[2012/08/09 16:51:43 | 000,000,000 | ---D | C] -- C:\Windows.old

[2012/08/09 16:25:35 | 000,000,000 | R--D | C] -- C:\Users\Compbro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

[2012/08/09 16:25:35 | 000,000,000 | R--D | C] -- C:\Users\Compbro\Searches

[2012/08/09 16:25:35 | 000,000,000 | R--D | C] -- C:\Users\Compbro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

[2012/08/09 16:25:35 | 000,000,000 | -H-D | C] -- C:\Users\Compbro\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned

[2012/08/09 16:25:26 | 000,000,000 | ---D | C] -- C:\Users\Compbro\AppData\Roaming\Identities

[2012/08/09 16:25:22 | 000,000,000 | R--D | C] -- C:\Users\Compbro\Contacts

[2012/08/09 16:25:19 | 000,000,000 | ---D | C] -- C:\Users\Compbro\AppData\Local\VirtualStore

[2012/08/09 16:24:54 | 000,000,000 | -HSD | C] -- C:\Users\Compbro\AppData\Local\Temporary Internet Files

[2012/08/09 16:24:54 | 000,000,000 | -HSD | C] -- C:\Users\Compbro\Templates

[2012/08/09 16:24:54 | 000,000,000 | -HSD | C] -- C:\Users\Compbro\Start Menu

[2012/08/09 16:24:54 | 000,000,000 | -HSD | C] -- C:\Users\Compbro\SendTo

[2012/08/09 16:24:54 | 000,000,000 | -HSD | C] -- C:\Users\Compbro\Recent

[2012/08/09 16:24:54 | 000,000,000 | -HSD | C] -- C:\Users\Compbro\PrintHood

[2012/08/09 16:24:54 | 000,000,000 | -HSD | C] -- C:\Users\Compbro\NetHood

[2012/08/09 16:24:54 | 000,000,000 | -HSD | C] -- C:\Users\Compbro\Documents\My Videos

[2012/08/09 16:24:54 | 000,000,000 | -HSD | C] -- C:\Users\Compbro\Documents\My Pictures

[2012/08/09 16:24:54 | 000,000,000 | -HSD | C] -- C:\Users\Compbro\Documents\My Music

[2012/08/09 16:24:54 | 000,000,000 | -HSD | C] -- C:\Users\Compbro\My Documents

[2012/08/09 16:24:54 | 000,000,000 | -HSD | C] -- C:\Users\Compbro\Local Settings

[2012/08/09 16:24:54 | 000,000,000 | -HSD | C] -- C:\Users\Compbro\AppData\Local\History

[2012/08/09 16:24:54 | 000,000,000 | -HSD | C] -- C:\Users\Compbro\Cookies

[2012/08/09 16:24:54 | 000,000,000 | -HSD | C] -- C:\Users\Compbro\Application Data

[2012/08/09 16:24:54 | 000,000,000 | -HSD | C] -- C:\Users\Compbro\AppData\Local\Application Data

[2012/08/09 16:24:52 | 000,000,000 | --SD | C] -- C:\Users\Compbro\AppData\Roaming\Microsoft

[2012/08/09 16:24:52 | 000,000,000 | R--D | C] -- C:\Users\Compbro\Pictures

[2012/08/09 16:24:52 | 000,000,000 | R--D | C] -- C:\Users\Compbro\Music

[2012/08/09 16:24:52 | 000,000,000 | R--D | C] -- C:\Users\Compbro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

[2012/08/09 16:24:52 | 000,000,000 | R--D | C] -- C:\Users\Compbro\Links

[2012/08/09 16:24:52 | 000,000,000 | R--D | C] -- C:\Users\Compbro\Favorites

[2012/08/09 16:24:52 | 000,000,000 | R--D | C] -- C:\Users\Compbro\Downloads

[2012/08/09 16:24:52 | 000,000,000 | R--D | C] -- C:\Users\Compbro\Documents

[2012/08/09 16:24:52 | 000,000,000 | R--D | C] -- C:\Users\Compbro\Desktop

[2012/08/09 16:24:52 | 000,000,000 | R--D | C] -- C:\Users\Compbro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

[2012/08/09 16:24:52 | 000,000,000 | -H-D | C] -- C:\Users\Compbro\AppData

[2012/08/09 16:24:52 | 000,000,000 | ---D | C] -- C:\Users\Compbro\AppData\Local\Temp

[2012/08/09 16:24:52 | 000,000,000 | ---D | C] -- C:\Users\Compbro\AppData\Local\Microsoft

[2012/08/09 16:24:52 | 000,000,000 | ---D | C] -- C:\Users\Compbro\AppData\Roaming\Media Center Programs

[2012/08/09 16:24:51 | 000,000,000 | R--D | C] -- C:\Users\Compbro\Videos

[2012/08/09 16:24:51 | 000,000,000 | R--D | C] -- C:\Users\Compbro\Saved Games

[2012/08/09 16:23:35 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll

[2012/08/09 16:23:35 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe

[2012/08/09 16:23:35 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll

[2012/08/09 16:23:26 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll

[2012/08/09 16:23:26 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll

[2012/08/09 16:23:26 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll

[2012/08/09 16:23:17 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll

[2012/08/09 16:23:17 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe

[2012/08/09 16:04:04 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution

[2012/08/09 16:01:52 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch

[2012/08/09 13:17:50 | 000,000,000 | ---D | C] -- C:\AMD

[2012/08/08 15:35:17 | 000,000,000 | ---D | C] -- C:\Recovery

[2012/08/08 14:53:48 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2012/08/18 16:45:58 | 000,598,016 | ---- | M] (OldTimer Tools) -- C:\Users\Compbro\Desktop\OTL.exe

[2012/08/18 16:40:43 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2012/08/18 16:40:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/08/18 16:40:01 | 2146,684,927 | -HS- | M] () -- C:\hiberfil.sys

[2012/08/18 16:39:10 | 000,009,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/08/18 16:39:10 | 000,009,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/08/18 16:33:07 | 004,735,580 | R--- | M] (Swearware) -- C:\Users\Compbro\Desktop\ComboFix.exe

[2012/08/18 16:31:49 | 104,295,870 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm

[2012/08/18 05:07:04 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-447234750-1175504839-4170690110-1001UA.job

[2012/08/18 03:36:25 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr

[2012/08/18 03:36:25 | 000,283,304 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2012/08/18 03:36:01 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0

[2012/08/17 23:07:05 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-447234750-1175504839-4170690110-1001Core.job

[2012/08/17 22:20:21 | 000,001,264 | ---- | M] () -- C:\Users\Compbro\Desktop\Revo Uninstaller.lnk

[2012/08/17 15:57:10 | 000,771,962 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/08/17 15:57:10 | 000,659,580 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/08/17 15:57:10 | 000,120,508 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/08/17 15:57:02 | 000,771,962 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/08/17 14:54:24 | 000,002,453 | ---- | M] () -- C:\Users\Public\Desktop\SeaTools for Windows.lnk

[2012/08/16 22:35:28 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/08/16 17:39:58 | 000,000,796 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk

[2012/08/16 17:38:40 | 000,000,009 | ---- | M] () -- C:\END

[2012/08/16 17:37:29 | 000,002,461 | ---- | M] () -- C:\Users\Compbro\Desktop\Google Chrome.lnk

[2012/08/16 17:30:12 | 000,032,888 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm

[2012/08/11 21:06:57 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_ZuneDriver_01_09_00.Wdf

[2012/08/11 21:06:52 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_winusb_01009.Wdf

[2012/08/10 15:08:09 | 000,001,437 | ---- | M] () -- C:\Users\Compbro\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2012/08/10 14:18:10 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat

[2012/08/10 14:18:10 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll

[2012/08/10 14:18:10 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec

[2012/08/10 14:18:10 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll

[2012/08/10 14:18:10 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll

[2012/08/10 14:18:10 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll

[2012/08/10 14:18:10 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll

[2012/08/10 14:18:10 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll

[2012/08/10 14:18:10 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe

[2012/08/10 14:18:10 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe

[2012/08/10 14:18:10 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2012/08/10 14:18:10 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe

[2012/08/10 14:18:10 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf

[2012/08/10 14:18:10 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx

[2012/08/10 14:18:10 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll

[2012/08/10 14:18:10 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2012/08/10 14:18:10 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe

[2012/08/10 14:18:09 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll

[2012/08/10 14:18:09 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll

[2012/08/10 14:18:09 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll

[2012/08/10 14:18:09 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll

[2012/08/10 14:18:09 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll

[2012/08/10 14:18:09 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll

[2012/08/10 14:18:09 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe

[2012/08/10 14:18:09 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe

[2012/08/10 14:18:09 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll

[2012/08/10 14:18:09 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll

[2012/08/10 14:18:09 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll

[2012/08/10 14:18:09 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll

[2012/08/10 14:18:09 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe

[2012/08/10 14:18:09 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll

[2012/08/10 14:18:09 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll

[2012/08/10 14:18:09 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll

[2012/08/10 14:18:09 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll

[2012/08/10 14:18:09 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll

[2012/08/10 14:18:09 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe

[2012/08/10 14:18:08 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat

[2012/08/10 14:18:08 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll

[2012/08/10 14:18:08 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll

[2012/08/10 14:18:08 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec

[2012/08/10 14:18:08 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll

[2012/08/10 14:18:08 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll

[2012/08/10 14:18:08 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll

[2012/08/10 14:18:08 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll

[2012/08/10 14:18:08 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll

[2012/08/10 14:18:08 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll

[2012/08/10 14:18:08 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe

[2012/08/10 14:18:08 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe

[2012/08/10 14:18:08 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll

[2012/08/10 14:18:08 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll

[2012/08/10 14:18:08 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx

[2012/08/10 14:18:08 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf

[2012/08/10 14:18:08 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll

[2012/08/10 14:18:08 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll

[2012/08/10 14:18:08 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll

[2012/08/10 14:18:08 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll

[2012/08/10 14:18:08 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe

[2012/08/10 14:18:07 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2012/08/10 14:18:07 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2012/08/10 14:18:07 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe

[2012/08/10 14:18:07 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe

[2012/08/10 11:58:21 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2012/08/10 03:36:20 | 000,001,170 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk

[2012/08/09 23:59:49 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk

[2012/08/09 23:48:45 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk

[2012/08/09 23:48:07 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm

[2012/08/09 23:48:07 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm

[2012/08/09 22:47:05 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin

[2012/08/09 16:04:46 | 000,042,045 | ---- | M] () -- C:\Windows\SysWow64\license.rtf

[2012/08/09 16:04:46 | 000,042,045 | ---- | M] () -- C:\Windows\SysNative\license.rtf

[2012/08/09 16:03:05 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf

========== Files Created - No Company Name ==========

[2012/08/18 16:31:49 | 104,295,870 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm

[2012/08/18 04:57:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/08/18 04:57:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/08/18 04:57:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/08/18 04:57:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/08/18 04:57:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/08/17 22:20:21 | 000,001,264 | ---- | C] () -- C:\Users\Compbro\Desktop\Revo Uninstaller.lnk

[2012/08/17 14:54:15 | 000,002,453 | ---- | C] () -- C:\Users\Public\Desktop\SeaTools for Windows.lnk

[2012/08/17 14:52:13 | 000,771,962 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/08/16 17:39:58 | 000,000,796 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk

[2012/08/16 17:38:40 | 000,000,009 | ---- | C] () -- C:\END

[2012/08/16 17:30:12 | 000,032,888 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm

[2012/08/11 21:06:57 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_ZuneDriver_01_09_00.Wdf

[2012/08/11 21:06:52 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_winusb_01009.Wdf

[2012/08/10 14:18:10 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf

[2012/08/10 14:18:08 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf

[2012/08/10 11:53:54 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr

[2012/08/10 03:36:20 | 000,001,170 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk

[2012/08/10 03:35:40 | 000,283,304 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2012/08/10 03:35:40 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0

[2012/08/10 03:35:38 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2012/08/09 23:59:49 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk

[2012/08/09 23:48:45 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk

[2012/08/09 23:48:07 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm

[2012/08/09 23:48:07 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm

[2012/08/09 23:18:18 | 000,293,889 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT

[2012/08/09 23:02:42 | 002,319,913 | ---- | C] () -- C:\Users\Compbro\Documents\data1.cab

[2012/08/09 23:02:42 | 000,553,805 | ---- | C] () -- C:\Users\Compbro\Documents\engine32.cab

[2012/08/09 23:02:42 | 000,456,860 | ---- | C] () -- C:\Users\Compbro\Documents\setup.ibt

[2012/08/09 23:02:42 | 000,351,586 | ---- | C] () -- C:\Users\Compbro\Documents\setup.inx

[2012/08/09 23:02:42 | 000,250,296 | ---- | C] () -- C:\Users\Compbro\Documents\setup.isn

[2012/08/09 23:02:42 | 000,110,592 | ---- | C] () -- C:\Users\Compbro\Documents\alcchkid.exe

[2012/08/09 23:02:42 | 000,049,152 | ---- | C] () -- C:\Users\Compbro\Documents\ChCfg.exe

[2012/08/09 23:02:42 | 000,040,448 | ---- | C] () -- C:\Users\Compbro\Documents\GETDXVER.EXE

[2012/08/09 23:02:42 | 000,031,388 | ---- | C] () -- C:\Users\Compbro\Documents\ALCXDEV.EXE

[2012/08/09 23:02:42 | 000,027,061 | ---- | C] () -- C:\Users\Compbro\Documents\data1.hdr

[2012/08/09 23:02:42 | 000,023,552 | ---- | C] () -- C:\Users\Compbro\Documents\SetCDfmt.exe

[2012/08/09 23:02:42 | 000,002,826 | ---- | C] () -- C:\Users\Compbro\Documents\setup.ini

[2012/08/09 23:02:42 | 000,000,534 | ---- | C] () -- C:\Users\Compbro\Documents\setup.iss

[2012/08/09 23:02:42 | 000,000,512 | ---- | C] () -- C:\Users\Compbro\Documents\data2.cab

[2012/08/09 23:02:42 | 000,000,473 | ---- | C] () -- C:\Users\Compbro\Documents\layout.bin

[2012/08/09 23:02:42 | 000,000,136 | ---- | C] () -- C:\Users\Compbro\Documents\SetupEx.ini

[2012/08/09 22:58:24 | 000,002,461 | ---- | C] () -- C:\Users\Compbro\Desktop\Google Chrome.lnk

[2012/08/09 22:57:42 | 000,000,916 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-447234750-1175504839-4170690110-1001UA.job

[2012/08/09 22:57:41 | 000,000,864 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-447234750-1175504839-4170690110-1001Core.job

[2012/08/09 22:56:41 | 000,001,437 | ---- | C] () -- C:\Users\Compbro\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

[2012/08/09 22:47:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2012/08/09 16:25:45 | 000,001,409 | ---- | C] () -- C:\Users\Compbro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk

[2012/08/09 16:25:39 | 000,001,443 | ---- | C] () -- C:\Users\Compbro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

[2012/08/09 16:24:52 | 000,000,290 | ---- | C] () -- C:\Users\Compbro\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk

[2012/08/09 16:24:52 | 000,000,272 | ---- | C] () -- C:\Users\Compbro\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk

[2012/08/09 16:04:37 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk

[2012/08/09 16:04:27 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk

[2012/08/09 16:03:05 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf

[2012/08/08 14:53:48 | 2146,684,927 | -HS- | C] () -- C:\hiberfil.sys

[2012/06/11 11:50:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat

[2012/06/11 11:50:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat

[2012/05/10 16:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll

[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2009/06/10 16:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat

[2012/08/18 16:44:52 | 000,020,940 | ---- | M] () -- C:\ComboFix.txt

[2009/06/10 16:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys

[2012/08/16 17:38:40 | 000,000,009 | ---- | M] () -- C:\END

[2012/08/18 16:40:01 | 2146,684,927 | -HS- | M] () -- C:\hiberfil.sys

[2012/08/18 16:40:01 | 4293,902,335 | -HS- | M] () -- C:\pagefile.sys

[2012/08/17 22:35:17 | 000,126,416 | ---- | M] () -- C:\TDSSKiller.2.8.6.0_17.08.2012_22.33.25_log.txt

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >


OTL Extras logfile created on: 8/18/2012 4:46:55 PM - Run 1

OTL by OldTimer - Version 3.2.58.0 Folder = C:\Users\Compbro\Desktop

64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.54 Gb Available Physical Memory | 81.74% Memory free

16.00 Gb Paging File | 14.59 Gb Available in Paging File | 91.18% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 74.41 Gb Total Space | 20.17 Gb Free Space | 27.10% Space Free | Partition Type: NTFS

Drive D: | 100.00 Mb Total Space | 76.24 Mb Free Space | 76.25% Space Free | Partition Type: NTFS

Drive E: | 1862.92 Gb Total Space | 1862.66 Gb Free Space | 99.99% Space Free | Partition Type: NTFS

Computer Name: COMPBRO-PC | User Name: Compbro | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0BFFE11B-99E5-4DC3-A0CF-EF333D66DDDC}" = lport=139 | protocol=6 | dir=in | app=system |

"{11DBF735-0FC2-4009-BD40-405DAA919352}" = lport=445 | protocol=6 | dir=in | app=system |

"{25FEF3DC-7012-43EC-9EC4-531995365CF8}" = rport=445 | protocol=6 | dir=out | app=system |

"{3E2FAECD-FD50-4E76-81E3-9C3434EA44A9}" = lport=10243 | protocol=6 | dir=in | app=system |

"{3FCE25D7-3D3A-417B-B861-A2CC61DE643A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{413B8FC6-8A6C-4813-96AD-7E1D3CE4E464}" = rport=138 | protocol=17 | dir=out | app=system |

"{4DC8178F-87A2-491D-A903-C06E707BF893}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{54DB3C91-D1B5-48A2-A0FE-FB13F540B085}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{58AA5678-B2E0-4FFD-9114-3A2AC8DC7E6E}" = rport=10243 | protocol=6 | dir=out | app=system |

"{5C2392DB-C39D-4557-BEDF-917D46141E2F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{75FE4866-9082-4D8D-A10F-D361F6415EAC}" = lport=138 | protocol=17 | dir=in | app=system |

"{87D85696-3E13-49F6-8BDD-70EFD43AD7A5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{9363C64A-59C0-46C3-8977-FC034E9CC2D0}" = rport=137 | protocol=17 | dir=out | app=system |

"{A295321F-EF36-42A0-938B-29D0124330FE}" = lport=2869 | protocol=6 | dir=in | app=system |

"{BAC7667E-2785-42A2-ADCC-95F13EC4FA72}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{BAC86444-0013-4DDA-BB8E-39F75AE13838}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{C5961AB4-D06C-454C-89F5-9118211651AC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{C8A1D39E-8023-44A3-B8A1-08659F014780}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{DC70A9D3-0A17-4D50-B0DA-1F19A10B63E8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{E6678373-E443-4010-B297-1E724BE2A6B8}" = rport=139 | protocol=6 | dir=out | app=system |

"{FCFE55D4-47AB-4D0D-B916-CA9CBB681B67}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0D211C91-D991-47A5-A229-2269E7E96712}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |

"{1E22F423-8234-42E8-8AE3-5FE7127A15C8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |

"{1F6B6700-5138-45EB-8398-3155E6D50D00}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{2529F34F-566E-4B69-97AB-B183C057AB9C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{3F69450D-20CF-4503-9508-89A09BFADB5F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{49A18BD0-1E7C-4F93-A3AC-FD1E6E23F009}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

"{4F875974-6E5F-43FD-BFC6-DE59D1977EDA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{54998103-8713-4A42-B20C-ABB523623849}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

"{590E92E6-DD90-4E76-B7C3-B53403D4059A}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |

"{59623C5E-54C0-4D30-9ED6-679FE8194C31}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |

"{63BFF2FB-DAFF-440D-A9A0-B74AF4393D73}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |

"{6472494E-962F-49AD-93EF-B21111660923}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{6C78B54B-9C3A-4350-956D-34D5937B770F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{7D6ACDA8-C3E6-4046-B3E1-364EB44FDE15}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{80A39FEA-0F0B-4745-AE75-822DD960D57E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{8594CB60-55DA-4FEB-AA85-454B04587A63}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{90AB4EDE-6946-407C-81D8-1B2D4322A9C8}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{92A4F0BE-AA40-4E68-9571-6BDD52405B1B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |

"{96009D92-1BD6-4CE7-A8D7-1E92AA61DB98}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |

"{9E1D344D-B6AE-494D-8F48-AC6B1A636DCC}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |

"{B128D9CE-E685-46B0-8684-227415D66871}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{B2675CF9-2BB5-4E1F-8F74-BDAD129974ED}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |

"{B5F8002A-B50F-4CCB-B9A1-89C52A2030AC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{C10FBB44-AED8-4559-A987-CB424D4F344B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{CBDC6E71-FC48-4227-AEA1-A80F4D5CB354}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{DA01CC61-A287-43A1-80F4-A6D0FFF66CF3}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |

"{DACEBA01-34FA-48F3-8AB4-C7D4FD2A6761}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{DB2CE32E-442D-455F-8C34-5224EDFF616C}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |

"{DF971F58-84A9-4BCB-8E95-9B1854321418}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{E1591A70-49E8-403B-B18A-C4C85873BD90}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |

"{E574B053-9219-48B1-ADA5-A4779E53E042}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |

"{E970AA54-FCB6-45AE-81AE-9C49BE302F31}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{EAB4A534-2F93-467F-BEFD-E412394CDF0E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{F0A11CC4-8C52-4EFB-92A4-C151B914A4D8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |

"{F40EC78E-7581-4CA1-A054-CCABFDA907B0}" = protocol=6 | dir=out | app=system |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{12D93D02-3C15-DF08-581F-52E4A1EB0A3D}" = AMD Drag and Drop Transcoding

"{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10

"{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012

"{47F9B7C3-F172-940F-D0C4-203C7914E5D2}" = AMD Catalyst Install Manager

"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime

"{59B69525-1383-C84A-38EF-F442B63E69BC}" = AMD Media Foundation Decoders

"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{838AF9AD-DE38-17FB-57F6-ADDF929F191E}" = AMD Accelerated Video Transcoding

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{A108BD40-0A8C-4385-8874-74C4B6086CC3}" = AVG 2012

"{C8388DCB-6F85-C11F-C9F4-D636960E60F5}" = ccc-utility64

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"AVG" = AVG 2012

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"WinRAR archiver" = WinRAR 4.20 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{079A4EB2-9A74-7B86-12C2-00B52E395801}" = CCC Help Danish

"{112DDD07-E419-2498-1E9E-2157F82AF5AA}" = CCC Help Turkish

"{12A00DC2-1226-D9F2-13DA-F974111D439E}" = Catalyst Control Center

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{224828D6-DCA7-FDF3-3B85-085298AEC919}" = Catalyst Control Center InstallProxy

"{2993B157-97AE-7981-F29A-E6575F991CDB}" = CCC Help Swedish

"{347966F8-E71A-E1A5-95E4-3A1C215383F6}" = CCC Help Chinese Traditional

"{3B3D81AB-51E2-695F-7E57-1CC30049F2A3}" = CCC Help French

"{462C2036-3055-4369-D30B-8DA032331EAB}" = CCC Help Greek

"{51054867-140B-8FBF-73A8-75386276BD98}" = CCC Help Spanish

"{586A5957-F21B-C8AD-F5C2-11D4D7DA5340}" = CCC Help German

"{633414E3-AA2A-CD04-5976-E91F5F871396}" = CCC Help Japanese

"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™

"{812FF572-F216-EBA0-123E-636C1B6EBC5B}" = CCC Help Korean

"{85BB7CA7-6B0D-0B27-F4FF-B3D04282B3D1}" = CCC Help Russian

"{883CCFC7-CA6B-5531-704B-F9A64546B309}" = CCC Help Thai

"{8BDD3EC9-27E9-E490-7607-AF97FA678046}" = CCC Help Italian

"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9DA5221E-15DE-5B0F-D7BE-CCC7305575DD}" = CCC Help Dutch

"{A1400F57-65CC-0C22-6461-948EA2837670}" = CCC Help Hungarian

"{A561BB5F-5A85-5D88-E520-0A4512D5E6C0}" = CCC Help Norwegian

"{A8B72907-B3F5-4C18-2D2B-F5E786A520DF}" = CCC Help Polish

"{AD219F94-16F2-937F-076A-F22DAA8D0A0B}" = CCC Help Finnish

"{B2B5B39B-4E8C-AC78-7FF1-7055C338D243}" = Catalyst Control Center Graphics Previews Common

"{DD8ACFF8-098E-130C-2799-BCA4D41EBAB2}" = CCC Help Chinese Standard

"{DE123FE9-B7F6-A75A-920D-3937FB9F06E4}" = CCC Help Portuguese

"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding

"{EE253E80-C298-4A31-BB22-7280DC8C7177}" = CCC Help Czech

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F648F088-B270-CF18-6486-AF8B1FE6BC09}" = CCC Help English

"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables

"{FD85D9C0-783A-77B7-8EF8-326EC6C154D1}" = Catalyst Control Center Localization All

"Battlelog Web Plugins" = Battlelog Web Plugins

"ESN Sonar-0.70.4" = ESN Sonar

"Origin" = Origin

"Picasa 3" = Picasa 3

"PunkBusterSvc" = PunkBuster Services

"Revo Uninstaller" = Revo Uninstaller 1.94

"Seagate File Recovery for WindowsNSIS" = Seagate File Recovery for Windows 2.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 8/10/2012 12:59:41 AM | Computer Name = Compbro-PC | Source = Windows Installer 3.1 | ID = 921877

Description =

Error - 8/10/2012 4:04:23 PM | Computer Name = Compbro-PC | Source = Application Error | ID = 1000

Description = Faulting application name: mscorsvw.exe, version: 2.0.50727.4927,

time stamp: 0x4a275ab4 Faulting module name: unknown, version: 0.0.0.0, time stamp:

0x00000000 Exception code: 0xc0000005 Fault offset: 0x74916a34 Faulting process id:

0xbec Faulting application start time: 0x01cd7733487fe51a Faulting application path:

C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe Faulting module path:

unknown Report Id: 93dc598d-e326-11e1-afc8-002564843ccb

Error - 8/10/2012 4:04:25 PM | Computer Name = Compbro-PC | Source = Application Error | ID = 1000

Description = Faulting application name: PnkBstrA.exe, version: 0.0.0.0, time stamp:

0x4f144d4e Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000

Exception

code: 0xc0000005 Fault offset: 0x74916a34 Faulting process id: 0x724 Faulting application

start time: 0x01cd7732fb3fbcb5 Faulting application path: C:\Windows\SysWOW64\PnkBstrA.exe

Faulting

module path: unknown Report Id: 9530be54-e326-11e1-afc8-002564843ccb

Error - 8/10/2012 4:04:30 PM | Computer Name = Compbro-PC | Source = Application Error | ID = 1000

Description = Faulting application name: ToolbarUpdater.exe, version: 12.2.0.5,

time stamp: 0x501a9284 Faulting module name: unknown, version: 0.0.0.0, time stamp:

0x00000000 Exception code: 0xc0000005 Fault offset: 0x74916a34 Faulting process id:

0x7a0 Faulting application start time: 0x01cd7732fbb46023 Faulting application path:

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe

Faulting

module path: unknown Report Id: 982a76ac-e326-11e1-afc8-002564843ccb

Error - 8/16/2012 6:57:14 PM | Computer Name = Compbro-PC | Source = Application Hang | ID = 1002

Description = The program PicasaPhotoViewer.exe version 3.9.135.93 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: fa4 Start

Time: 01cd7c0257ec0d13 Termination Time: 0 Application Path: C:\Program Files\Picasa3\PicasaPhotoViewer.exe

Report

Id: ad534faf-e7f5-11e1-b5c9-002564843ccb

Error - 8/16/2012 6:59:04 PM | Computer Name = Compbro-PC | Source = Application Hang | ID = 1002

Description = The program PicasaPhotoViewer.exe version 3.9.135.93 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: 424 Start

Time: 01cd7c02829073bb Termination Time: 15 Application Path: C:\Program Files\Picasa3\PicasaPhotoViewer.exe

Report

Id: f5f20acb-e7f5-11e1-b5c9-002564843ccb

Error - 8/16/2012 11:59:56 PM | Computer Name = Compbro-PC | Source = Application Hang | ID = 1002

Description = The program Explorer.EXE version 6.1.7600.16768 stopped interacting

with Windows and was closed. To see if more information about the problem is available,

check the problem history in the Action Center control panel. Process ID: ac4 Start

Time: 01cd7c2964f62846 Termination Time: 60000 Application Path: C:\Windows\Explorer.EXE

Report

Id: d4558c00-e81f-11e1-a3b6-002564843ccb

[ System Events ]

Error - 8/18/2012 6:01:28 AM | Computer Name = Compbro-PC | Source = Application Popup | ID = 1060

Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility

with this system. Please contact your software vendor for a compatible version

of the driver.

Error - 8/18/2012 6:01:29 AM | Computer Name = Compbro-PC | Source = Application Popup | ID = 1060

Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility

with this system. Please contact your software vendor for a compatible version

of the driver.

Error - 8/18/2012 6:01:52 AM | Computer Name = Compbro-PC | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

Error - 8/18/2012 6:03:12 AM | Computer Name = Compbro-PC | Source = Service Control Manager | ID = 7023

Description = The Windows Defender service terminated with the following error:

%%126

Error - 8/18/2012 5:29:26 PM | Computer Name = Compbro-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20

Description = Installation Failure: Windows failed to install the following update

with error 0x80004004: Update for Windows 7 for x64-based Systems (KB2505438).

Error - 8/18/2012 5:34:43 PM | Computer Name = Compbro-PC | Source = Application Popup | ID = 1060

Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility

with this system. Please contact your software vendor for a compatible version

of the driver.

Error - 8/18/2012 5:34:43 PM | Computer Name = Compbro-PC | Source = Application Popup | ID = 1060

Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility

with this system. Please contact your software vendor for a compatible version

of the driver.

Error - 8/18/2012 5:37:07 PM | Computer Name = Compbro-PC | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

Error - 8/18/2012 5:39:03 PM | Computer Name = Compbro-PC | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

Error - 8/18/2012 5:40:20 PM | Computer Name = Compbro-PC | Source = Service Control Manager | ID = 7023

Description = The Windows Defender service terminated with the following error:

%%126

< End of report >


Hey howtodumb. :)

WhiteSmoke still present unfortunately. Here are the logs. ComboFix first then OTL.

Thank you for the logs. I believe I have found the last remnants of WhiteSmoke.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :files
    C:\Users\Compbro\AppData\Local\Conduit
    :OTL
    CHR - default_search_provider: Conduit (Enabled)
    CHR - default_search_provider: search_url = http://search.condui...&ctid=CT3244149
    CHR - default_search_provider: suggest_url = http://search.conduit.com/
    CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\plugins/ConduitChromeApiPlugin.dll
    CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\plugins/np-cwmp.dll
    CHR - Extension: WhiteSmoke US New = C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    :Commands
    [EmptyTemp]
    [EMPTYFLASH]
    [Reboot]

  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Is WhiteSmoke still present?


WhiteSmoke toolbar is no longer present! Thank you so much for your time!

All processes killed

========== FILES ==========

C:\Users\Compbro\AppData\Local\Conduit folder moved successfully.

========== OTL ==========

Use Chrome's Settings page to remove the default_search_provider items.

Use Chrome's Settings page to remove the default_search_provider items.

Use Chrome's Settings page to remove the default_search_provider items.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\plugins/ConduitChromeApiPlugin.dll moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\plugins/np-cwmp.dll moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\_locales\en folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\_locales folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\toolbarImages folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\sl folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\lib\jquery.alerts\images folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\lib\jquery.alerts folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\lib folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\core folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\WEATHER\js folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\WEATHER\css folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\WEATHER folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\TWITTER\resources folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\TWITTER\js folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\TWITTER\img folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\TWITTER folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\TESTER_POPUP\js folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\TESTER_POPUP folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\TESTER_EMBEDDED\js folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\TESTER_EMBEDDED folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\TESTER_BCAPI\js folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\TESTER_BCAPI\autoTest\spec folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\TESTER_BCAPI\autoTest\lib\jasmine-1.1.0 folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\TESTER_BCAPI\autoTest\lib folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\TESTER_BCAPI\autoTest folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\TESTER_BCAPI folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\SEARCH_IN_NEW_TAB folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\SEARCH\view\style\rsx folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\SEARCH\view\style folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\SEARCH\view\script folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\SEARCH\view folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\SEARCH\resources folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\SEARCH\js folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\SEARCH\Css folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\SEARCH\buildSettings folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\SEARCH folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\RADIO_PLAYER\js\resources folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\RADIO_PLAYER\js folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\RADIO_PLAYER\css\custom-theme folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\RADIO_PLAYER\css folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\RADIO_PLAYER folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\PRICE_GONG\menu_dlg folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\PRICE_GONG\images folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\PRICE_GONG\css\custom-theme folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\PRICE_GONG\css folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\PRICE_GONG\agreement folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\PRICE_GONG folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\Optimizer\js folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\Optimizer folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\NOTIFICATION\js folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\NOTIFICATION\images\light folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\NOTIFICATION\images\dark folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\NOTIFICATION\images folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\NOTIFICATION\css folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\NOTIFICATION folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\MULTI_RSS\js\resources folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\MULTI_RSS\js folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\MULTI_RSS\img folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\MULTI_RSS\css folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\MULTI_RSS folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\HIGHLIGHTER\js folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\HIGHLIGHTER\css folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\HIGHLIGHTER folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\EMAIL_NOTIFIER\js\plugins folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\EMAIL_NOTIFIER\js folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\EMAIL_NOTIFIER\css folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\EMAIL_NOTIFIER folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\APPLICATION_BUTTON\resources folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\APPLICATION_BUTTON\Js folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\APPLICATION_BUTTON folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa\404 folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\wa folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\ui\menu\js folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\ui\menu\img folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\ui\menu\css folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\ui\menu folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\ui\gf\img folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\ui\gf\css folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\ui\gf folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\ui\gadgetFrame folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\ui\dlg\ftd\images folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\ui\dlg\ftd folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\ui\dlg folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\ui folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\searchProtector\searchProtectorSettingsDialog\images folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\searchProtector\searchProtectorSettingsDialog folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\searchProtector\SearchProtectorBubbleDialog\images folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\searchProtector\SearchProtectorBubbleDialog folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\searchProtector\js folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\searchProtector folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\options\js\resources folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\options\js folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\options\images folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\options\css folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\options folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\myStuffDialogs folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\features\js\resources folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\features\js folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\features folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\api folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\ac\res folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\ac\img folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\ac\css folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\ac folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\aboutBox\js folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\aboutBox\images folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al\aboutBox folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb\al folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\tb folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\plugins folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\js\toolbarAPI folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\js\tabs\back folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\js\tabs folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\js\popup folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\js\options folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\js\lib folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\js folder moved successfully.

C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0 folder moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.

Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Compbro

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 5819463 bytes

->Google Chrome cache emptied: 224900410 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Public

->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 70774853 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46396021 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 332.00 mb

[EMPTYFLASH]

User: All Users

User: Compbro

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.58.0 log created on 08192012_115537

Files\Folders moved on Reboot...

C:\Users\Compbro\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

File C:\Users\Compbro\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

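An added example, not part of the original posts and not OTL's own code: a Python sketch that reconciles each entry of the fix script with the result lines of the fix log, so that items OTL only prints a hint for (the `default_search_provider` settings) or never reports on are surfaced for manual follow-up. The sample strings are shortened, constructed copies of the script and log in this thread, and all function names are hypothetical.

```python
import re

# Constructed sample: a shortened copy of the fix script posted in this thread.
FIX_SCRIPT = r"""
:files
C:\Users\Compbro\AppData\Local\Conduit
:OTL
CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: suggest_url = http://search.conduit.com/
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\plugins/np-cwmp.dll
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
:Commands
[EmptyTemp]
[Reboot]
"""

# Constructed sample: a shortened copy of the fix log. The O7 result line is
# left out on purpose so that the "unverified" case is exercised.
FIX_LOG = r"""
All processes killed
========== FILES ==========
C:\Users\Compbro\AppData\Local\Conduit folder moved successfully.
========== OTL ==========
Use Chrome's Settings page to remove the default_search_provider items.
Use Chrome's Settings page to remove the default_search_provider items.
C:\Users\Compbro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif\10.11.21.5_0\plugins/np-cwmp.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
"""

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}


def classify(line):
    """Map one fix-log line to moved / deleted / manual / other."""
    s = line.strip()
    if s.endswith("moved successfully."):
        return "moved"
    if s.endswith("deleted successfully."):
        return "deleted"
    if s.startswith("Use Chrome's Settings page"):
        return "manual"
    return "other"


def script_entries(script):
    """Yield (section, entry) for the lines under :files and :OTL."""
    section = None
    for raw in script.splitlines():
        s = raw.strip()
        if not s:
            continue
        if s.startswith(":"):
            section = s.lower()
        elif section in (":files", ":otl"):
            yield section, s


def target_of(section, entry):
    """Return the path or registry key an entry names, or None."""
    if section == ":files":
        return entry
    m = re.match(r"O\d+ - (HK\w+)\\(.+?) present$", entry)
    if m:
        return HIVES.get(m.group(1), m.group(1)) + "\\" + m.group(2)
    if " = " in entry:
        return entry.split(" = ", 1)[1]
    return None


def handled_objects(log):
    """Map each object the log reports as moved or deleted to that status."""
    done = {}
    for raw in log.splitlines():
        s = raw.strip()
        status = classify(s)
        if status in ("moved", "deleted"):
            obj = re.sub(r"( folder)? (moved|deleted) successfully\.$", "", s)
            obj = re.sub(r"^Registry key ", "", obj).rstrip("\\ ")
            done[obj.lower()] = status
    return done


def reconcile(script, log):
    """Return [(script entry, outcome)] in script order."""
    done = handled_objects(log)
    hints = sum(1 for line in log.splitlines() if classify(line) == "manual")
    results = []
    for section, entry in script_entries(script):
        if "default_search_provider" in entry:
            # OTL does not change these; it prints one hint line per entry.
            outcome = "manual" if hints else "unverified"
            hints = max(hints - 1, 0)
        else:
            target = target_of(section, entry)
            key = target.rstrip("\\ ").lower() if target else None
            outcome = done.get(key, "unverified")
        results.append((entry, outcome))
    return results


def follow_up(script, log):
    """Entries that still need a person to check or fix them."""
    return [(e, o) for e, o in reconcile(script, log) if o in ("manual", "unverified")]


if __name__ == "__main__":
    for entry, outcome in reconcile(FIX_SCRIPT, FIX_LOG):
        print(f"{outcome:10} {entry}")
```
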

Hey howtodumb. :)

WhiteSmoke toolbar is no longer present! Thank you so much for your time!

Great! ^_^

Please run a free online scan with the ESET Online Scanner.

Note: You can use Internet Explorer or Mozilla Firefox for this scan.

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start.
  • When asked, allow the ActiveX control to install.
  • Click Start.
  • Make sure that the option Remove found threats is unchecked and the option Scan unwanted applications is checked.
  • Click Scan.
    Wait for the scan to finish.
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=ce0b3613ab14034b9bcee4d6c472b277

# end=finished

# remove_checked=false

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-08-20 09:28:47

# local_time=2012-08-20 04:28:47 (-0600, Central Daylight Time)

# country="United States"

# lang=1033

# osver=6.1.7600 NT

# compatibility_mode=1024 16777215 100 0 436 436 0 0

# compatibility_mode=5893 16776574 100 94 2967 97039527 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=193730

# found=1

# cleaned=0

# scan_time=2049

C:\Users\Compbro\Downloads\winrar setup.exe a variant of Win32/Soft32Downloader.B application (unable to clean) 00000000000000000000000000000000 I

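An added example, not part of the original posts and not ESET's own code: a Python sketch that reads an ESET Online Scanner log like the one above and lists the detections the scan left on disk, which is what happens when "Remove found threats" is unchecked. The field layout is inferred only from the log shown in this thread; the sample is a constructed, shortened copy of it, and the function names are hypothetical.

```python
import re

# Constructed sample: selected header fields and the detection line from the
# log posted in this thread (fields separated by whitespace, as shown there).
ESET_LOG = r"""
# version=7
# end=finished
# remove_checked=false
# unwanted_checked=true
# compatibility_mode=1024 16777215 100 0 436 436 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=193730
# found=1
# cleaned=0
# scan_time=2049
C:\Users\Compbro\Downloads\winrar setup.exe a variant of Win32/Soft32Downloader.B application (unable to clean) 00000000000000000000000000000000 I
"""

# path (may contain spaces), detection name, action in parentheses,
# 32 hex digits, one trailing flag character.
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?\.\w+)\s+"
    r"(?P<threat>.+?)\s+"
    r"\((?P<action>[^)]*)\)\s+"
    r"(?P<hash>[0-9A-Fa-f]{32})\s+\w$"
)


def parse(log):
    """Split the log into a header dict and a list of detection dicts."""
    header, detections = {}, []
    for raw in log.splitlines():
        s = raw.strip()
        if not s:
            continue
        if s.startswith("#"):
            key, _, value = s[1:].strip().partition("=")
            # Some keys (compatibility_mode) repeat; keep the first value.
            header.setdefault(key, value)
            continue
        m = DETECTION.match(s)
        if m:
            detections.append(m.groupdict())
    return header, detections


def summarize(log):
    """Report scan state and the files that still need manual handling."""
    header, detections = parse(log)
    found = int(header.get("found", 0))
    cleaned = int(header.get("cleaned", 0))
    outstanding = [d["path"] for d in detections
                   if d["action"].startswith("unable to clean")]
    return {
        "finished": header.get("end") == "finished",
        "removal_enabled": header.get("remove_checked") == "true",
        "found": found,
        "cleaned": cleaned,
        "outstanding": outstanding,
        # The counters and the detection lines should tell the same story.
        "consistent": found - cleaned == len(outstanding),
    }


if __name__ == "__main__":
    for key, value in summarize(ESET_LOG).items():
        print(f"{key}: {value}")
```
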

Good afternoon howtodumb. :)

Please navigate to this file and delete it:

C:\Users\Compbro\Downloads\winrar setup.exe

Then, please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Results of screen317's Security Check version 0.99.46

Windows 7 x64 (UAC is enabled)

Out of date service pack!!

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

AVG Anti-Virus Free Edition 2012

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Google Chrome 21.0.1180.79

````````Process Check: objlist.exe by Laurent````````

AVG avgwdsvc.exe

AVG avgtray.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 33% Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log``````````````````````


Hey howtodumb. :)

Please do the following update. Your version of Windows is out of date and by updating to the latest Service Pack you will minimise the risk of future infections through security patches and fixes.

Service Pack 1 (SP1) is an extremely important update for Windows 7 and will help reduce the chance of an infection. I strongly recommend you install this update.

Please open Internet Explorer and follow the instructions below to update Windows:

  • Go to this link: Windows Update
  • Download all the Critical updates, making sure you have selected SP1
  • Once they have been installed, please revisit Windows Update and select any further Critical updates.

Note:

It will be necessary for you to restart the computer during the updates, and return to the Windows Update site several times before all critical updates are installed.

IMPORTANT: Please enable Automatic Updates under Start > Control Panel > Automatic Updates to ensure your Windows updates regularly. This is extremely important in ensuring you remain protected against vulnerabilities and infections.

==========

I also notice that your hard drive is heavily defragmented. This can lead to slower speeds on your computer. I recommend trying one of these free defragmenting programs:

Defraggler or Auslogics Disk Defrag

==========

Did the update install with no problems? Are there any remaining issues on your computer?


Hello howtodumb. :)

Glad to hear your computer is running fine!

Unfortunately the drive is still 26% fragmented.

You may need to defrag it again since it was reasonably defragmented the first time.

You could try running the defrag tool on Windows and see if it does any better:

http://windows.micro...-your-hard-disk

==========

A little housekeeping to uninstall ComboFix:

Please click Start>Run and copy/paste the following text, including the space between "ComboFix" and "/uninstall", into the Run box and click OK:

ComboFix /uninstall

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Right-click the Recycle Bin and please select Empty Recycle Bin.

==========

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :thumbup:

IMPORTANT: Please enable Automatic Updates under Start > Control Panel > Automatic Updates to ensure your Windows updates regularly. This is extremely important in ensuring you remain protected against vulnerabilities and infections. This is a crucial security measure.

As a minimum, you need at least an antivirus, firewall and some type of anti-spyware program.

Please consider installing and running the following program (there is a free version available):

SpywareBlaster

A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster, can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you may be able to find out if it is a rogue here:

http://www.spywarewa...nti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and Add-ons, like Adblock Plus and NoScript, can make it even more secure. To avoid dangerous sites Web of Trust or McAfee SiteAdvisor can be installed. Google Chrome or Opera are other good options.

Two useful programs for keeping your programs up-to-date are FileHippo or Secunia PSI. Running one of these regularly will help you obtain the latest program updates.

Please also read Tony Klein's excellent article: How did I get infected in the first place.

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
